
Remote Terminal SCADA Access - Hex00010

a guest
Jun 7th, 2012
While going over the exploit located here

http://pastebin.com/BjFgT6kB the 2,000 SCADA System, which I by the way posted WEEKS ago + notified the Homeland Security (I can show e-mails for proof) + and emailed the FBI in an effort to try and get this fixed

The most obvious is, well, they have yet to fix it, but this is not what I'm here to discuss

While going over this exploit I came about ANOTHER exploit for the SERVER control part of it

While my 2k exploit affects the SCADA system itself, this exploit affects the SERVER itself

With such you are also allowed access to the FTP

The source code to the SCADA product + the web interface + additional default install code is compressed in dirs - I don't have to explain the issue here as to why this is bad

What all you can do?

Access this service via terminal sessions, and FTP

Pictures below to provide proof of concept

Terminal Session Proof ----->

http://i45.tinypic.com/34p1dn8.png

FTP Proof ----->

http://i45.tinypic.com/15rnx8g.png

Also, for the people that can't comprehend or see the " HOLY SHIT " in this, look at the perms on the files and dirs :)

By - Hex00010
Twitter - https://twitter.com/#!/Hex000101
Email - uat666@hotmail.com