Exploits / Vulnerability Discovered : 2023-04-03 |
Type : webapps |
Platform : php
This exploit / vulnerability Glpi v10.0.2 sql injection (authentication depends on configuration) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# ADVISORY INFORMATION
# Exploit Title: GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
# Date of found: 11 Jun 2022
# Application: GLPI >=10.0.0, < 10.0.3
# Author: Nuri Çilengir
# Vendor Homepage: https://glpi-project.org/
# Software Link: https://github.com/glpi-project/glpi
# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/
# Tested on: Ubuntu 22.04
# CVE: CVE-2022-31056
If you manipulate the filename uploaded to the system, the file is placed under /files/_tmp/. HTTP GET request required to trigger the issue is as follows.