Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/documentation/modules/auxiliary/gather/advantech_webaccess_creds.md
Views: 11623
Vulnerable Application
This module exploits three vulnerabilities in Advantech WebAccess.
The first vulnerability is the ability for an arbitrary user to access the admin user list page, revealing the username of every user on the system.
The second vulnerability is the user edit page can be accessed loaded by an arbitrary user, with the data of an arbitrary user.
The final vulnerability exploited is that the HTML Form on the user edit page contains the user's plain text password in the masked password input box. Typically the system should replace the actual password with a masked character such as "*".
Version 8.1 was tested during development:
8.2 is not vulnerable to this.
Verification Steps
Start msfconsole
use auxiliary/gather/advantech_webaccess_credsset WEBACCESSUSER [USER]set WEBACCESSPASS [PASS]run
Options
WEBACCESSUSER
The username to use to log into Advantech WebAccess. By default, there is a built-in account admin that you could use.
WEBACCESSPASS
The password to use to log into AdvanTech WebAccess. By default, the built-in account admin does not have a password, which could be something you can use.
Scenarios
