Sielco Analog FM Transmitter 2.12 – ‘id’ Cookie Brute Force Session Hijacking

• Exploit Database
• 35 阅读

• 作者： LiquidWorm
  日期： 2023-04-14
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51363/

• ## Exploit Title: Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
  ## Exploit Author: LiquidWorm
  
  Vendor: Sielco S.r.l
  Product web page: https://www.sielco.org
  Affected version: 2.12 (EXC5000GX)
  2.12 (EXC120GX)
  2.11 (EXC300GX)
  2.10 (EXC1600GX)
  2.10 (EXC2000GX)
  2.08 (EXC1600GX)
  2.08 (EXC1000GX)
  2.07 (EXC3000GX)
  2.06 (EXC5000GX)
  1.7.7 (EXC30GT)
  1.7.4 (EXC300GT)
  1.7.4 (EXC100GT)
  1.7.4 (EXC5000GT)
  1.6.3 (EXC1000GT)
  1.5.4 (EXC120GT)
  
  Summary: Sielco designs and produces FM radio transmitters
  for professional broadcasting. The in-house laboratory develops
  standard and customised solutions to meet all needs. Whether
  digital or analogue, each product is studied to ensure reliability,
  resistance over time and a high standard of safety. Sielco
  transmitters are distributed throughout the world and serve
  many radios in Europe, South America, Africa, Oceania and China.
  
  Desc: The Cookie session ID 'id' is of an insufficient length and
  can be exploited by brute force, which may allow a remote attacker
  to obtain a valid session, bypass authentication and manipulate
  the transmitter.
  
  Tested on: lwIP/2.1.1
   Web/3.0.3
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2023-5758
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5758.php
  
  
  26.01.2023
  
  --
  
  
  # Session values (len=5)
  
  Cookie: id=44189
  Cookie: id=37692
  Cookie: id=+6638
  Cookie: id=+3077
  ...
  ...