c79c4813de
4 changes to exploits/shellcodes/ghdb MCL-Net 4.3.5.8788 - Information Disclosure Abantecart v1.3.2 - Authenticated Remote Code Execution Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated) SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution NCH Express Invoice - Clear Text Password Storage and Account Takeover
15 lines
No EOL
959 B
Text
15 lines
No EOL
959 B
Text
# Exploit Title: MCL-Net 4.3.5.8788 - Information Disclosure
|
|
# Date: 5/31/2023
|
|
# Exploit Author: Victor A. Morales, GM Sectec Inc.
|
|
# Vendor Homepage: https://www.mcl-mobilityplatform.com/net.php
|
|
# Version: 4.3.5.8788 (other versions may be affected)
|
|
# Tested on: Microsoft Windows 10 Pro
|
|
# CVE: CVE-2023-34834
|
|
|
|
Description:
|
|
Directory browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.
|
|
|
|
Steps to reproduce:
|
|
1. Navigate to the webserver on default port 5080, where "Index of Services" will disclose directories, including the "/file" directory.
|
|
2. Browse to the "/file" directory and database entry folders configured
|
|
3. The "AdoInfo.txt" file will contain the database connection strings in plaintext for the configured database. Other files containing database information are also available inside the directory. |