Solar-Log Base 2000- Broken Access Control
2024-4-22 04:32:56 Author: cxsecurity.com(查看原文) 阅读量:8 收藏

# Exploit Title: Solar-Log Base 2000- Broken Access Control # Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600"" # Date: 4/21/2024 # Exploit Author: parsa rezaie khiabanloo # Vendor Homepage: https://www.solar-log.com/en/ # Version: Solar-Log Base 2000 # Tested on: Windows/Linux # 1. Description: # An issue was discovered in Solar-Log Base 2000. # Attacker can use shodan dorks to find the devices then can go to the configuration tab without aunthentication . # In this Configuration tab can upload anyfile that want . # Attacker can set this path #ilang=EN&b=c_network_proxy to find proxies with password for grap password as clear that can use Inspect element then click on the password . # Change this input type value to clear <input type="password" id="i_prxpass" name="434" class="field SDSLF1"> <input type="clear" id="i_prxpass" name="434" class="field SDSLF1"> # 2. Proof of Concept (POC) : http://46.44.227.172:84/#ilang=EN&b=c_network_proxy http://46.44.227.172:84/#ilang=EN&b=c_data_initial



 

Thanks for you comment!
Your message is in quarantine 48 hours.


文章来源: https://cxsecurity.com/issue/WLB-2024040050
如有侵权请联系:admin#unsafe.sh