Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

DEOS OPEN 500EMS Controller - Admin Exposure

By kannthu

High
Vidoc logoVidoc Module
#openv500#disclosure#panel
Description

What is the "DEOS OPEN 500EMS Controller - Admin Exposure?"

The "DEOS OPEN 500EMS Controller - Admin Exposure" module is designed to detect a vulnerability in the DEOS OPEN 500EMS controller. This controller is used for administrative functions without authentication. The severity of this vulnerability is classified as high. The original author of this module is sullo.

Impact

If exploited, this vulnerability allows unauthorized access to the administrative functions of the DEOS OPEN 500EMS controller. This can lead to unauthorized configuration changes and potential compromise of the system.

How the module works?

The module works by sending HTTP requests to the target system and matching the responses against specific conditions. In this case, the module sends GET requests to the following paths:

/cgi-bin/cosmobdf.cgi?function=0
/cgi-bin/cosmobdf.cgi?function=1

The module then applies the following matching conditions:

- The response status must be 200. - The response body must contain either "OPENview", "/cgi-bin/cosmobdf.cgi?function=12", or "/cgi-bin/cosmobdf.cgi?function=2".

If both conditions are met, the module reports a vulnerability.

For more information, you can visit the DEOS AG website.

Metadata: max-request: 2

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/cgi-bin/cosmobdf.cg.../cgi-bin/cosmobdf.cg...
Matching conditions
status: 200and
word: <b>OPENview</b>, /cgi-bin/cosmobdf.cgi?f...
Passive global matcher
No matching conditions.
On match action
Report vulnerability