CVE-2018-16670 PoC — CIRCONTROL CirCarLife 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-16670.yaml

Associated Vulnerability

Title:CIRCONTROL CirCarLife 安全漏洞 (CVE-2018-16670)
Description:CIRCONTROL CirCarLife是西班牙CIRCONTROL公司的一套停车场自动化管理系统。 CIRCONTROL CirCarLife 4.3之前版本中存在安全漏洞，该漏洞源程序于缺少对/html/devstat.html文件的身份验证。远程攻击者可利用该漏洞获取在充电站使用的PLC的状态信息。

Description

CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.

File Snapshot


 id: CVE-2018-16670

info:
  name: CirCarLife <4.3 - Improper Authentication
  author: geeknik
  seve

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!