Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- While going over the exploit located here
- http://pastebin.com/BjFgT6kB the 2,000 SCADA System which i by the way posted WEEKS ago + Notified the Homeland Security ( I can show e-mails for proof)+ and emailed the FBI in effort to try and get this fixed
- The most obvious is well they have yet to fix it but this is not what im here to discuss
- while going over this exploit i came about ANOTHER exploit for the SERVER control part of it
- While my 2k Exploit effects the SCADA system its self this exploit effects the SERVER its self
- With Such you are also allowed access to the FTP
- The Source code to the SCADA product + the web interface + additional default install code is compressed in dirs - I dont have to explain the issue here as to why this is bad
- What all you can do?
- Access this service Via Terminal Sessions , and FTP
- Pictures Below to provide proof of concept
- Terminal Session Proof ----->
- http://i45.tinypic.com/34p1dn8.png
- FTP Proof ----->
- http://i45.tinypic.com/15rnx8g.png
- Also for the people that cant comprehend or see the " HOLY SHIT " in this look at the the perms on the files and dir's :)
- By - Hex00010
- Twitter - https://twitter.com/#!/Hex000101
- Email - uat666@hotmail.com
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement