Wifi Soft Unibox Administration 3.0 Login Page Exploit

Shubham Tiwari
2 min read · Sep 8, 2023


Introduction

In the realm of cybersecurity, the constant battle between defenders and attackers rages on. Today, we’ll take you on a journey through a real-life encounter with a security vulnerability that we unearthed in a UNIBOX 3.0 panel. Join us as we reveal the steps involved in identifying and exploiting this vulnerability responsibly, shedding light on the critical importance of robust security measures.

The Beginning: Subdomains and Discovery

Our story commences with the discovery of subdomains on the actcorp.in main domain. Among these subdomains, one stood out: 106.51.8.242.actcorp.in, a live host serving a UNIBOX panel. This discovery was our entry point into a deeper investigation.

Uncovering the UNIBOX Panel with HTTPx

Leveraging the power of the HTTPx tool, we were able to detect the presence of a UNIBOX panel running on the live domain. The command we used was:

httpx -l domains.txt -title -tech-detect -status-code

This allowed us to comprehensively scan for web technologies and their respective versions, a critical step in understanding the system’s architecture.

Identifying the Vulnerability

Our careful examination of the UNIBOX panel’s login page yielded a startling revelation: the UNIBOX 3.0 login page was vulnerable to SQL Injection. This type of vulnerability can have severe consequences if left unaddressed, making it a crucial discovery.

The Ethical Hack: Proving the Point

To validate the seriousness of our findings and demonstrate the potential risks, we embarked on an ethical hacking mission. Armed with a classic SQL Injection payload ('or 1=1 limit 1-- -), we successfully gained unauthorized access to the system. The payload we used to exploit the vulnerability was:

'or 1=1 limit 1-- -

This controlled demonstration served as a stark reminder that even seemingly secure systems can harbor hidden vulnerabilities.
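To show why this payload bypasses the login check and what the fix looks like, here is an added Python example (not the vendor's code; the user table, the stored credential and the plaintext password column are constructed for illustration): the same login query built by string concatenation beside its parameterized form.

```python
import sqlite3

# Constructed stand-in for the panel's user store (assumption: the real
# schema is not described in the post). Passwords are kept in plaintext
# only to keep the example short; a real system stores a salted hash.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return conn


def login_vulnerable(conn, username, password):
    """Query assembled by concatenation: user input is parsed as SQL.

    With username = 'or 1=1 limit 1-- -  the statement becomes
    ... WHERE username = ''or 1=1 limit 1-- -' AND password = '...'
    The -- comment discards the password clause, 1=1 matches every
    row and LIMIT 1 returns the first account, here 'admin'.
    """
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver sends the input as
    data, so quotes, comments and keywords in it never reach the parser."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# The payload from the post, entered in the username field.
PAYLOAD = "'or 1=1 limit 1-- -"


def compare(username=PAYLOAD, password="anything"):
    """Run both implementations on the same credentials and return
    (vulnerable_result, parameterized_result) for side-by-side review."""
    return (login_vulnerable(make_db(), username, password),
            login_parameterized(make_db(), username, password))


if __name__ == "__main__":
    vuln, safe = compare()
    print("concatenated query logged in as:", vuln)    # admin
    print("parameterized query logged in as:", safe)   # None
```

The contrast is the whole fix: the concatenated version authenticates the attacker as the first user in the table, while the parameterized version treats the identical string as an unknown username and rejects it.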

POC

The Importance of Responsible Disclosure

Ethical hacking is more than just exploitation; it’s about accountability. We promptly reported our findings to the relevant authorities and developers, ensuring that necessary actions would be taken to rectify the vulnerability and enhance system security.

Conclusion

In conclusion, our journey into the world of ethical hacking showcases the essential role that security researchers play in strengthening the digital landscape. It underscores the significance of responsible disclosure and the collective responsibility we all share in securing our online environments.

