Solar-Log Base 2000- Broken Access Control

2024.04.21
ir parsa rezaie khiabanloo (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600""

# Exploit Title: Solar-Log Base 2000- Broken Access Control # Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600"" # Date: 4/21/2024 # Exploit Author: parsa rezaie khiabanloo # Vendor Homepage: https://www.solar-log.com/en/ # Version: Solar-Log Base 2000 # Tested on: Windows/Linux # 1. Description: # An issue was discovered in Solar-Log Base 2000. # Attacker can use shodan dorks to find the devices then can go to the configuration tab without aunthentication . # In this Configuration tab can upload anyfile that want . # Attacker can set this path #ilang=EN&b=c_network_proxy to find proxies with password for grap password as clear that can use Inspect element then click on the password . # Change this input type value to clear <input type="password" id="i_prxpass" name="434" class="field SDSLF1"> <input type="clear" id="i_prxpass" name="434" class="field SDSLF1"> # 2. Proof of Concept (POC) : http://46.44.227.172:84/#ilang=EN&b=c_network_proxy http://46.44.227.172:84/#ilang=EN&b=c_data_initial


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top