Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-9161 PoC — Prisma Industriale Checkweigher PrismaWEB 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-9161.yaml
Associated Vulnerability
Title:Prisma Industriale Checkweigher PrismaWEB 安全漏洞 (CVE-2018-9161)
Description:Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
Description
PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
File Snapshot

 id: CVE-2018-9161

info:
  name: PrismaWEB - Credentials Disclosure
  author: gy741
  severity: crit

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →