CVE-2022-26833 PoC — Open Automation Software OAS Platform 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-26833.yaml

Associated Vulnerability

Title:Open Automation Software OAS Platform 访问控制错误漏洞 (CVE-2022-26833)
Description:Open Automation Software OAS Platform是美国Open Automation Software公司的一个工业物联网（IoT）套件。旨在帮助企业将数据源连接到 OAS 平台。 Open Automation Software OAS Platform V16.00.0112 版本存在访问控制错误漏洞，该漏洞源于 REST API 功能中存在不当身份验证问题。攻击者利用该漏洞通过发送一系列专门制作的 HTTP 请求可未经身份验证使用 REST API。

Description

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.

File Snapshot


 id: CVE-2022-26833

info:
  name: Open Automation Software OAS Platform V16.00.0121 - Missing Authen

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!