API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 7th, 2016
76
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.13 KB | None | 0 0
raw download clone embed print report
  1. Untangle NGFW <= v12.0.1 execEvil() authenticated root CI exploit
  2. by @3xocyte
  3.  
  4. [*] Opening session...
  5. [*] Authenticating...
  6. Logging in...
  7. Posting to RPC URL...
  8. req_nonce: <Response [200]>
  9. req_nonce.text: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  10.  
  11. <html xmlns="http://www.w3.org/1999/xhtml">
  12. <head>
  13. <title>Untangle Administrator Login</title>
  14. <script type="text/javascript">if (top.location!=location) top.location.href=document.location.href;</script>
  15. <style type="text/css">
  16. /* <![CDATA[ */
  17. @import url(/images/base.css);
  18. /* ]]> */
  19. </style>
  20. </head>
  21. <body class="loginPage">
  22. <div id="main" style="width: 500px; margin: 50px auto 0 auto;">
  23. <form method="post" action="/auth/login?url=/webui/JSON-RPC&amp;realm=Administrator" class="form-signin">
  24. <center>
  25. <img style="margin-bottom:10px;" src="/images/BrandingLogo.png"><br/>
  26. <span class="form-signin-heading"><strong>Untangle Administrator Login</strong></span>
  27. <br/>
  28. <div class="banner"></div>
  29. <br/>
  30. <span><strong></strong></span>
  31. <table>
  32. <tbody>
  33. <tr><td style="text-align:right;color:white;">Server:</td><td><em><font color="white">&nbsp;192.168.242.151</font></em></td></tr>
  34. <tr><td style="text-align:right;color:white;">Username:</td><td><input id="username" type="text" name="username" value="admin" class="input-block-level"/></td></tr>
  35. <tr><td style="text-align:right;color:white;">Password:</td><td><input id="password" type="password" name="password" class="input-block-level"/></td></tr>
  36. </tbody>
  37. </table>
  38. <br/>
  39. <div style="text-align: center;color:white;"><button value="login" type="submit">Login</button></div>
  40. </center>
  41. </form>
  42. <script type="text/javascript">document.getElementById('password').focus();</script>
  43. </div>
  44. </body>
  45. </html>
  46. Parsing JSON response...
  47. No JSON object could be decoded
  48. [!] Authentication failed. Quitting.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!