TL;DR - Below you will find some details about an SQL Injection bug I found in admin's panel.
Idea was simple: coffee + Burp + Sunday 5:00AM ;]
Grabbed request to webapp look like this:
To 'verify' the bug I used sqlmap, see below:
"Unfortunately" ;] the bug is accessible only from 'logged in' user(s) but maybe later I will find something else...
As far as I know, running this request (like sqlmap -r asd --sql-shell) should work as well.
In case of any questions/feedback/comments - feel free to find me @twitter.
*Update (9:22)*
Another SQLi bug - this time when you will access GraphicalView.do page:
Here you will find full request. Enjoy. ;]
*Update (9:34)*
Looks like a 3rd one. well... :]
*Update (19:44)*
According to CVE Mitre we can target this vulnerability now as CVE-2017-16542
(and CVE-2017-16543) .
Cheers
Brak komentarzy:
Prześlij komentarz