Create solar-log-authbypass.yaml

2021-08-17 18:02:41 +05:30 · 2021-08-17 18:02:41 +05:30 · 727e73c5c3
parent 5e55dc1e24
commit 727e73c5c3
1 changed files with 32 additions and 0 deletions
--- a/vulnerabilities/other/solar-log-authbypass.yaml
+++ b/vulnerabilities/other/solar-log-authbypass.yaml
@ -0,0 +1,32 @@
+id: solar-log-authbypass
+
+info:
+  name: Solar-Log 500 2.8.2 - Incorrect Access Control
+  author: geeknik
+  severity: high
+  description: The web administration server for Solar-Log 500 all versions prior to 2.8.2 Build 52 does not require authentication, which allows arbitrary remote attackers>
+  reference: https://www.exploit-db.com/exploits/49986
+  tags: solarlog,auth-bypass
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/lan.html"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: header
+        words:
+          - "IPC@CHIP"
+
+      - type: word
+        part: body
+        words:
+          - " Solare Datensysteme GmbH"
+          - "mailto:info@solar-log.com"
+        condition: and