Optergy Proton And Enterprise BMS 2.0.3a Command Injection Exploit

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called...

Optergy Proton And Enterprise BMS 2.0.3a Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Optergy Proton and Enterprise BMS Command Injection using a backdoor', 'Description' = %q This module exploits an undocumented backdoor...

Optergy Proton/Enterprise BMS 2.3.0a Open Redirect

Open Redirect in Optergy Proton/Enterprise BMS Firmware version: =2.3.0a CVE: CVE-2019-7275 Advisory: https://applied-risk.com/resources/ar-2019-008 Paper: https://applied-risk.com/resources/i-own-your-building-management-system by Gjoko 'LiquidWorm' Krstic GET /updating.jsp?url=https://segfault....

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)

Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/'...