rackneos
commented
1 year ago Hello,
I capture stop & start command by burp suite and then use this command for exploit. But this command not work without session id. I think this vulnerability could not work without "session id" . Are you sure this vulnerability could access to start or stop command without athenticated ? How can Stop or Start web server without athentication ? and i guess there are many problems in this command. \ (back slash) in command should be / (slash). becuase curl command could not send POST or GET method when we use . Please contact me.
Thank you.
[remote] Siemens S7-1200 - Unauthenticated Start/Stop Command
[remote] Siemens S7-1200 - Unauthenticated Start/Stop Command
https://unsafe.sh/go-105245.html