Target: Intelligent Manufacturing Collaborative Internet of Things System (IMS)
The system has two different appearances, but both are part of the same system.
Supplier: Shanghai Zhouma Network Technology Co., Ltd (official website: https://www.cnmar.com/)
Payload:
<https://ip:8092>
Version: 1.9.1
Details:
The Intelligent Manufacturing Collaborative IoT System exposes its login interface on port 8091 (ip:8091).
Due to improper configuration, port 8092 is also open and can be accessed by any user. Accessing that port shows that it is an API management interface that allows arbitrary API requests to be sent and their response content to be viewed.
First, clicking on other content, such as the item repositories, causes a token to be returned automatically. With this token, the API can be used to view the user list, and the response contains sensitive information such as usernames and passwords, where the passwords are only hashed with MD5.
This is the figure without a token:
And this is the figure with a token, after clicking on any content on the second line, such as the item warehouse:
The system then adds a token, resulting in successful privilege elevation and allowing users to view any information.
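The user-list response described above returns password digests that are only MD5. As an added example (not code from the vendor or from this report), the sketch below contrasts unsalted MD5 with a per-user salted PBKDF2 hash and uses an allow-list serializer so credential fields never appear in an API response. The field names, iteration count and sample users are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)
PUBLIC_FIELDS = ("id", "username", "role")  # hypothetical field names, not the IMS schema


def md5_hex(password):
    """Unsalted MD5 as the page describes: same password, same digest, for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Derive a slow, per-user salted hash for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(stored["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(stored["hash"]))


def public_view(user):
    """Allow-list serializer: credential material never reaches an API response."""
    return {k: user[k] for k in PUBLIC_FIELDS if k in user}


# Constructed sample records, not data from the affected system.
USERS = [
    {"id": 1, "username": "alice", "role": "admin",
     "credential": hash_password("Spring2024!")},
    {"id": 2, "username": "bob", "role": "operator",
     "credential": hash_password("Spring2024!")},
]

if __name__ == "__main__":
    # Two users sharing a password: MD5 digests match, salted hashes do not.
    print(md5_hex("Spring2024!") == md5_hex("Spring2024!"))
    print(USERS[0]["credential"]["hash"] == USERS[1]["credential"]["hash"])
    print([public_view(u) for u in USERS])
```

Serializing through an allow-list rather than deleting known-sensitive keys means a newly added credential field stays out of responses by default.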