PWNWIK.COM==免费、自由、人人可编辑的漏洞库
,
# Exploit Title: Solar-Log 500 2.8.2 - Incorrect Access Control # Google Dork: In Shodan search engine, the filter is ""Server: email protected"" # Date: 2021-06-11 # Exploit Author: Luca.Chiou # Vendor Homepage: https://www.solar-log.com/en/ # Software Link: Firmware for Solar-Log https://www.solar-log.com/en/support/firmware/ # Version: Solar-Log 500 all versions prior to 2.8.2 Build 52 - 23.04.2013 # Tested on: It is a proprietary devices: https://www.solar-log.com/en/support/firmware/ # 1. Description: # The web administration server for Solar-Log 500 all versions prior to 2.8.2 Build 52 does not require authentication, # which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. # As a result, the attacker can modify configuration files and change the system status. # 2. Proof of Concept: # Access the /lan.html of Solar-Log 500 without ANY authentication, # and you can get gain administrative privileges to modify configuration files and change the system status. # http://<Your Modem IP>/lan.html
pwnwiki.com