Exploits / Vulnerability Discovered : 2018-03-12 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Prisma industriale checkweigher prismaweb 1.21 hardcoded credentials is for educational purposes only and if it is used you will do on your own risk!
Desc: The vulnerability exists due to the disclosure of hard-coded credentials allowing
an attacker to effectively bypass authentication of PrismaWEB with administrator
privileges. The credentials can be disclosed by simply navigating to the login_par.js
JavaScript page that holds the username and password for the management interface that
are being used via the Login() function in /scripts/functions_cookie.js script.
Tested on: HMS AnyBus-S WebServer
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience