免费、自由、人人可编辑的漏洞库
,
# Exploit Title: Solar-Log 500 2.8.2 - Unprotected Storage of Credentials # Google Dork: In Shodan search engine, the filter is ""Server: email protected"" # Date: 2021-06-11 # Exploit Author: Luca.Chiou # Vendor Homepage: https://www.solar-log.com/en/ # Software Link: Firmware for Solar-Log https://www.solar-log.com/en/support/firmware/ # Version: Solar-Log 500 all versions prior to 2.8.2 Build 52 - 23.04.2013 # Tested on: It is a proprietary devices: https://www.solar-log.com/en/support/firmware/ # 1. Description: # An issue was discovered in Solar-Log 500 prior to 2.8.2 Build 52 - 23.04.2013. # In /export.html, email.html, sms.html, the devices store plaintext passwords, # which may allow sensitive information to be read by someone with access to the device. # 2. Proof of Concept: # Browse the configuration page in Solar-Log 500, # we can find out that the passwords of FTP, SMTP, SMS services are stored in plaintext. # http://<Your Modem IP>/export.html # http://<Your Modem IP>/email.html # http://<Your Modem IP>/sms.html
PWNWIK.COM==免费、自由、人人可编辑的漏洞库
