Solar-Log 500 2.8.2 - Incorrect Access Control

What is the "Solar-Log 500 2.8.2 - Incorrect Access Control?"

The "Solar-Log 500 2.8.2 - Incorrect Access Control" module is designed to detect a vulnerability in the Solar-Log 500 software. This module focuses on identifying instances where the software has incorrect access control, which can potentially lead to unauthorized access and compromise of the system. The severity of this vulnerability is classified as high, indicating the potential for significant impact if exploited.

Impact

If the Solar-Log 500 software is found to have incorrect access control, it can allow unauthorized individuals to gain access to sensitive information or perform unauthorized actions within the system. This can lead to data breaches, unauthorized system modifications, and potential disruption of critical operations.

How the module works?

The module works by sending HTTP requests to the target system and analyzing the responses based on predefined matching conditions. In this case, the module sends a GET request to the "/lan.html" path and checks for specific conditions to determine if the Solar-Log 500 software is present and if it exhibits signs of incorrect access control.

The matching conditions include:

- Checking if the response status is 200 (indicating a successful request) - Verifying if the response header contains the word "IPC@CHIP" - Searching for specific words in the response body, such as "Solare Datensysteme GmbH" and "mailto:[email protected]"

If all of these conditions are met, the module will report a vulnerability related to incorrect access control in the Solar-Log 500 software.