CVE-2018-11517 PoC — mySCADA myPRO 安全漏洞

Source

https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure

Associated Vulnerability

Title:mySCADA myPRO 安全漏洞 (CVE-2018-11517)
Description:mySCADA myPRO是捷克共和国mySCADA Technologies公司的一套工业可视化控制系统。 mySCADA myPRO 7版本中存在安全漏洞。远程攻击者可通过将从870000到875000的所有的‘prj’参数值通过t=0&rq=0请求发送到TCP 11010端口利用该漏洞泄露项目中的全部ProjectID。

Description

CVE-2018-11517 | mySCADA myPRO v7.0.46 has another vulnerability to discover all projects in the system.

Readme

# mySCADA myPRO 7 - projectID Disclosure

mySCADA myPRO v7.0.46 has another vulnerability to discover all projects in the system.

## CVE-2018-11517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11517

```
git clone https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure.git
 
cd mySCADA-myPRO-7-projectID-Disclosure/

cp mypro_enum_projectid.rb /usr/share/metasploit-framework/modules/auxiliary/gather/

msfconsole

use auxiliary/gather/mypro_enum_projectid 

set RHOST [IP ADDRESS]

run
```

![alt tag](https://emreovunc.com/images/mySCADA_myPRO7-projectID.png)
-

File Snapshot


 [4.0K]  /data/pocs/a511171fe94c010d391ccbb0b8653ae7bd1c27bd
├── [2.1K]  mypro_enum_projectid.rb
└── [ 587]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!