Solar-Log 500 2.8.2 – Incorrect Access Control

  • Author: Luca.Chiou
    Date: 2021-06-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49986/
  • # Exploit Title: Solar-Log 500 2.8.2 - Incorrect Access Control
    # Google Dork: In Shodan search engine, the filter is "Server: IPC@CHIP"
    # Date: 2021-06-11
    # Exploit Author: Luca.Chiou
    # Vendor Homepage: https://www.solar-log.com/en/
    # Software Link: Firmware for Solar-Log https://www.solar-log.com/en/support/firmware/
    # Version: Solar-Log 500 all versions prior to 2.8.2 Build 52 - 23.04.2013
    # Tested on: It is a proprietary device: https://www.solar-log.com/en/support/firmware/
    
    # 1. Description:
    # The web administration server for Solar-Log 500 (all versions prior to 2.8.2 Build 52) does not require authentication,
    # which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
    # As a result, the attacker can modify configuration files and change the system status.
    
    # 2. Proof of Concept:
    # Access the /lan.html of Solar-Log 500 without ANY authentication,
    # and you can gain administrative privileges to modify configuration files and change the system status.
    # http://<Your Modem IP>/lan.html
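
An added example, not part of the original advisory: an inventory check that flags Solar-Log 500 units running firmware older than the fixed build named above (2.8.2 Build 52). The hostnames and firmware strings are constructed, and the code assumes firmware is recorded in the `X.Y.Z Build N - DD.MM.YYYY` form the advisory itself uses.

```python
import re
from typing import Dict, List, Optional, Tuple

# First fixed firmware according to the advisory: 2.8.2 Build 52.
FIXED: Tuple[int, ...] = (2, 8, 2, 52)

# Shape taken from the advisory's own string "2.8.2 Build 52 - 23.04.2013".
_FW_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d+)", re.IGNORECASE)


def parse_firmware(text: str) -> Optional[Tuple[int, ...]]:
    """Return (major, minor, patch, build) as integers, or None if unparseable."""
    m = _FW_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(text: str) -> Optional[bool]:
    """True if older than the fixed build, False if not, None if unknown."""
    version = parse_firmware(text)
    # Integer tuples compare numerically, so Build 9 < Build 52 and 2.10 > 2.8;
    # a plain string comparison would get both of those wrong.
    return None if version is None else version < FIXED


def audit(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts into affected / fixed / unknown (unknown needs manual review)."""
    report: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, firmware in sorted(inventory.items()):
        verdict = is_affected(firmware)
        key = "unknown" if verdict is None else ("affected" if verdict else "fixed")
        report[key].append(host)
    return report


# Constructed sample inventory (hostnames and firmware strings are made up).
SAMPLE_INVENTORY = {
    "solarlog-roof-a": "2.8.2 Build 52 - 23.04.2013",
    "solarlog-roof-b": "2.8.2 Build 9 - 01.01.2013",
    "solarlog-barn": "2.7.0 Build 60 - 10.10.2012",
    "solarlog-field": "2.10.0 Build 3 - 01.01.2014",
    "solarlog-shed": "firmware not recorded",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group should be treated as affected until their firmware is confirmed.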