Hex00010

Remote Terminal SCADA Access - Hex00010

Jun 20th, 2012
Re-linking all of my old 'guest' pastebins to one main account so I don't have to search for all of them through Google

Main PasteBin Link -> http://pastebin.com/C9CZcm2k
-------------------------------------------------------------------------------------------------------

While going over the exploit located here

http://pastebin.com/BjFgT6kB the 2,000 SCADA System which I by the way posted WEEKS ago + notified the Homeland Security (I can show e-mails for proof) + and emailed the FBI in effort to try and get this fixed

The most obvious is well they have yet to fix it but this is not what I'm here to discuss

While going over this exploit I came about ANOTHER exploit for the SERVER control part of it

While my 2k exploit affects the SCADA system itself this exploit affects the SERVER itself

With such you are also allowed access to the FTP

The source code to the SCADA product + the web interface + additional default install code is compressed in dirs - I don't have to explain the issue here as to why this is bad

What all you can do?

Access this service via Terminal Sessions, and FTP

Pictures below to provide proof of concept

Terminal Session Proof ----->

http://i45.tinypic.com/34p1dn8.png

FTP Proof ----->

http://i45.tinypic.com/15rnx8g.png

Also for the people that can't comprehend or see the "HOLY SHIT" in this look at the perms on the files and dirs :)

By - Hex00010
Twitter - https://twitter.com/#!/Hex000101
Email - uat666@hotmail.com