module

Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload

Try Surface Command
Back to search
Disclosed
03/14/2017
Created
06/14/2018

Description

This module exploits an unrestricted file upload vulnerability in
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file
allows remote authenticated attackers to upload and execute arbitrary
PHP code via a filename with a .php extension, which is then accessed via a
direct request to the file in the upload/ directory.

To authenticate for this attack, one can obtain web-interface credentials
in cleartext by leveraging the existing local file read vulnerability
referenced by CVE-2015-8279, which allows remote attackers to read the
web interface credentials by sending a request to:
cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.

Authors

Omar Mezrag Realistic SecurityAlgeria

Platform

PHP

Architectures

php

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

    msf > use exploit/linux/http/samsung_srv_1670d_upload_exec
    msf /(c) > show actions
        ...actions...
    msf /(c) > set ACTION < action-name >
    msf /(c) > show options
        ...show and set options...
    msf /(c) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today