CVE-2018-9161 PoC — Prisma Industriale Checkweigher PrismaWEB 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-9161.yaml

Associated Vulnerability

Title:Prisma Industriale Checkweigher PrismaWEB 安全漏洞 (CVE-2018-9161)
Description:Prisma Industriale Checkweigher PrismaWEB是意大利Prisma公司的一套用于检重称的管理系统。 Prisma Industriale Checkweigher PrismaWEB 1.21版本中存在安全漏洞。远程攻击者可通过读取user/scripts/login_par.js文件利用该漏洞获取prismaweb账户的硬编码密码。

Description

PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.

File Snapshot


 id: CVE-2018-9161

info:
  name: PrismaWEB - Credentials Disclosure
  author: gy741
  severity: crit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!