Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

CirCarLife - Installer

By kannthu

Critical
Vidoc logoVidoc Module
#scada#circontrol#circarlife#setup#exposure
Description

CirCarLife - Installer

What is the "CirCarLife - Installer" module?

The "CirCarLife - Installer" module is a test case designed to detect misconfigurations in the CirCarLife admin panel. CirCarLife is an internet-connected electric vehicle charging station software. This module focuses on identifying vulnerabilities in the setup process of the software. The severity of the module is classified as critical.

Author: geeknik

Impact

If a misconfiguration is detected by the "CirCarLife - Installer" module, it could potentially expose the network setup, modem setup, and security setup of the CirCarLife admin panel. This could lead to unauthorized access and compromise the security of the electric vehicle charging station.

How does the module work?

The "CirCarLife - Installer" module works by sending an HTTP GET request to the "/html/setup.html" path of the target. It then applies a series of matching conditions to determine if the CirCarLife Scada header, specific keywords in the response body ("", "Network setup", "Modem setup", "Security setup"), and a 200 status code are present.

Example HTTP request:

GET /html/setup.html

Matching conditions:

- The response must contain the "CirCarLife Scada" header. - The response body must include the keywords "", "Network setup", "Modem setup", and "Security setup". - The response status code must be 200.

For more information about CirCarLife, you can visit their website: https://circontrol.com/

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/html/setup.html
Matching conditions
word: CirCarLife Scadaand
word: <title>- setup</title>, Network setup, M...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability