Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
cve_poc/CVE-2019-11367
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
20 lines (18 sloc)
1.03 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: AUO Solar Data Recorder - Incorrect Access Control | |
| # Date: 2019-04-16 | |
| # Exploit Author: Luca.Chiou | |
| # Vendor Homepage: https://www.auo.com/zh-TW | |
| # Version: AUO Solar Data Recorder all versions prior to v1.3.0 | |
| # Tested on: It is a proprietary devices: https://solar.auo.com/en-global/Support_Download_Center/index | |
| # CVE-ID: CVE-2019-11367 | |
| # 1. Description: | |
| # In AUO Solar Data Recorder web page, it's use HTTP Basic Access Authentication. | |
| # Once user access the files which are under path http://<host>/protect/, | |
| # the website will response the plaintext account and password in WWW-Authenticate attribute. | |
| # Attackers is capable to login AUO Solar Data Recorder successfully. | |
| # 2. Proof of Concept: | |
| # Access the files which are under path http://<host>/protect/ of AUO Solar Data Recorder. | |
| # The website use HTTP Basic Access Authentication, | |
| # and response the plaintext account and password in WWW-Authenticate attribute. | |
| # By using the account and password in HTTP response, | |
| # anyone can login AUO Solar Data Recorder successfully. |