Presentation

It is possible to steal the administrator session. The function that generates the “session_id” is not complex enough, so the administrator's “session_id” can be brute-forced.
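The defensive counterpart to this weakness, as an added example that is not EON's code or its patch: session IDs drawn from a CSPRNG, plus a lockout for clients that keep presenting invalid values. The class name, ID size, threshold and sample addresses are assumptions made for the sketch.

```python
import secrets
from collections import defaultdict

ID_BYTES = 16        # assumed size: 128 bits drawn from the OS CSPRNG
MAX_BAD_GUESSES = 5  # assumed lockout threshold per client address


class SessionStore:
    """Hypothetical in-memory session table: unguessable IDs plus guess throttling."""

    def __init__(self):
        self._sessions = {}                   # session_id -> username
        self._bad_guesses = defaultdict(int)  # client address -> invalid IDs seen

    def create(self, username):
        # An ID taken from a CSPRNG cannot be enumerated the way a short,
        # counter-based or time-based value can.
        session_id = secrets.token_hex(ID_BYTES)
        self._sessions[session_id] = username
        return session_id

    def lookup(self, client, session_id):
        """Return the username for a live ID, else None; lock out repeat guessers."""
        if self._bad_guesses[client] >= MAX_BAD_GUESSES:
            raise PermissionError(f"{client}: too many invalid session_id values")
        user = self._sessions.get(session_id)
        if user is None:
            self._bad_guesses[client] += 1  # every miss counts as a possible guess
        return user

    def destroy(self, session_id):
        self._sessions.pop(session_id, None)


def demo():
    """Constructed scenario: one admin session, one client presenting bad IDs."""
    store = SessionStore()
    admin_id = store.create("admin")
    results = [store.lookup("192.0.2.10", admin_id)]             # legitimate request
    for n in range(MAX_BAD_GUESSES):
        results.append(store.lookup("192.0.2.66", f"{n:032x}"))  # invalid IDs
    try:
        store.lookup("192.0.2.66", admin_id)
    except PermissionError:
        results.append("locked out")
    return results


if __name__ == "__main__":
    print(demo())
```

Keying the lockout on client address alone is a simplification; clients behind a shared address would be locked out together.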

Exploit

https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py

Impacted Version(s)

EON 4.2+, EON 5.0+

Fixed Version(s)

EON 5.3-11

Fix

Download the latest fixed EON version.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27514

https://github.com/EyesOfNetworkCommunity/eonweb/issues/87