OpenBMCS 2.4 Secret Disclosure ≈ Packet Storm

Home^[1] Files^[2] News^[3] Contact^[4] Add New^[5]

Change Mirror^[12] Download^[13]

        
OpenBMCS 2.4 Secrets Disclosure
Vendor: OPEN BMCS
Product web page: https://www.openbmcs.com
Affected version: 2.4
Summary: Building Management & Controls System (BMCS). No matter what the
size of your business, the OpenBMCS software has the ability to expand to
hundreds of controllers. Our product can control and monitor anything from
a garage door to a complete campus wide network, with everything you need
on board.
Desc: The application allows directory listing and information disclosure of
some sensitive files that can allow an attacker to leverage the disclosed
information and gain full BMS access.
Tested on: Linux Ubuntu 5.4.0-65-generic (x86_64)
Linux Debian 4.9.0-13-686-pae/4.9.228-1 (i686)
Apache/2.4.41 (Ubuntu)
Apache/2.4.25 (Debian)
nginx/1.16.1
PHP/7.4.3
PHP/7.0.33-0+deb9u9
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2022-5695
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5695.php
26.10.2021
--
https://192.168.1.222/debug/
Index of /debug
change_password_sqls
clear_all_watches.php
controllerlog/
dash/
dodgy.php
fix_out.php
graphics/
graphics_diag.php
graphics_ip_diag/
jace_info.php
kits/
mysession.php
nuke.php
obix_test.php
print_tree.php
reboot_backdoor.php
rerunSQLUpdates.php
reset_alarm_trigger_times.php
system/
test_chris_obix.php
timestamp.php
tryEmail.php
trysms.php
unit_testing/
userlog/
...
...
/cache/
/classes/
/config/
/controllers/
/core/
/css/
/display/
/fonts/
/images/
/js/
/php/
/plugins/
/sounds/
/temp/
/tools/
/core/assets/
/core/backup/
/core/crontab/
/core/font/
/core/fonts/
/core/license/
/core/load/
/core/logout/
/core/password/
/php/audit/
/php/phpinfo.php
/php/temp/
/php/templates/
/php/test/
/php/weather/
/plugins/alarms/
/tools/phpmyadmin/index.php
/tools/migrate.php

• Follow us on Twitter^[16]
• Follow us on Facebook^[17]
• Subscribe to an RSS Feed^[18]

File Tags

• ActiveX^[19] (932)
• Advisory^[20] (76,530)
• Arbitrary^[21] (14,930)
• BBS^[22] (2,859)
• Bypass^[23] (1,516)
• CGI^[24] (1,009)
• Code Execution^[25] (6,445)
• Conference^[26] (665)
• Cracker^[27] (797)
• CSRF^[28] (3,246)
• DoS^[29] (21,519)
• Encryption^[30] (2,319)
• Exploit^[31] (49,101)
• File Inclusion^[32] (4,118)
• File Upload^[33] (932)
• Firewall^[34] (821)
• Info Disclosure^[35] (2,531)
• Intrusion Detection^[36] (841)
• Java^[37] (2,719)
• JavaScript^[38] (787)
• Kernel^[39] (5,892)
• Local^[40] (13,886)
• Magazine^[41] (586)
• Overflow^[42] (12,011)
• Perl^[43] (1,409)
• PHP^[44] (5,024)
• Proof of Concept^[45] (2,273)
• Protocol^[46] (3,228)
• Python^[47] (1,365)
• Remote^[48] (29,312)
• Root^[49] (3,419)
• Ruby^[50] (563)
• Scanner^[51] (1,627)
• Security Tool^[52] (7,627)
• Shell^[53] (3,012)
• Shellcode^[54] (1,192)
• Sniffer^[55] (877)
• Spoof^[56] (2,062)
• SQL Injection^[57] (15,855)
• TCP^[58] (2,345)
• Trojan^[59] (666)
• UDP^[60] (865)
• Virus^[61] (657)
• Vulnerability^[62] (30,108)
• Web^[63] (8,857)
• Whitepaper^[64] (3,696)
• x86^[65] (939)
• XSS^[66] (17,200)
• Other^[67]

File Archives

• January 2022^[68]
• December 2021^[69]
• November 2021^[70]
• October 2021^[71]
• September 2021^[72]
• August 2021^[73]
• July 2021^[74]
• June 2021^[75]
• May 2021^[76]
• April 2021^[77]
• March 2021^[78]
• February 2021^[79]
• Older^[80]

Systems

• AIX^[81] (423)
• Apple^[82] (1,853)
• BSD^[83] (368)
• CentOS^[84] (54)
• Cisco^[85] (1,909)
• Debian^[86] (5,946)
• Fedora^[87] (1,690)
• FreeBSD^[88] (1,241)
• Gentoo^[89] (4,148)
• HPUX^[90] (875)
• iOS^[91] (309)
• iPhone^[92] (108)
• IRIX^[93] (220)
• Juniper^[94] (67)
• Linux^[95] (41,261)
• Mac OS X^[96] (682)
• Mandriva^[97] (3,105)
• NetBSD^[98] (255)
• OpenBSD^[99] (476)
• RedHat^[100] (10,901)
• Slackware^[101] (941)
• Solaris^[102] (1,601)
• SUSE^[103] (1,444)
• Ubuntu^[104] (7,567)
• UNIX^[105] (9,007)
• UnixWare^[106] (182)
• Windows^[107] (6,248)
• Other^[108]

© 2020 Packet Storm. All rights reserved.