Exploits / Vulnerability Discovered : 2020-08-20 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Pnpscada 2.200816204020 interf sql injection (authenticated) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)
# Google Dork: -
# Date: 2020-08-17
# Exploit Author: İsmail ERKEK
# Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp
# Version: 2.200816204020
# Tested on: -
1. Description:
----------------------
PNPSCADA 2.200816204020 allows SQL Injection via parameter 'interf' in
/browse.jsp. Exploiting this issue could allow an attacker to compromise
the application, access or modify data, or exploit latent vulnerabilities
in the underlying database.
2. Proof of Concept:
----------------------
In Burpsuite intercept the request from one of the affected pages with
'interf' parameter and save it like fuel.req Then run SQLmap to extract the
data from the database: