.. / CVE-2018-9161

Exploit for PrismaWEB - Credentials Disclosure (CVE-2018-9161)

Description:

PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.

Nuclei Template

View the template here CVE-2018-9161.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-9161.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-9161
https://github.com/ARPSyndicate/kenzer-templates
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
https://www.exploit-db.com/exploits/44276/

.. / CVE-2018-9161 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for PrismaWEB - Credentials Disclosure (CVE-2018-9161)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-9161