Skip to content

shyam0904a/Pandora_v7.0NG.742_exploit_unauthenticated

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

sqlpwn.py

sqlpwn.py

 
 

Repository files navigation

CVE-2021-32099 Pandora_v7.0NG.742

Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell

Official Blog by the Author

Blog https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained

Usage :

usage: sqlpwn.py [-h] -t TARGET [-f FILENAME]

Exploiting Sqlinjection To impersonate Admin

optional arguments:
-h, --help            show this help message and exit
-t TARGET, --target TARGET
                      Host Ip for the Exploiting with target Port 
-f FILENAME, --filename FILENAME
                      Filename for Shell Upload with php extension

About

Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

Topics

rce cve pandora sqlinjection

Resources

Readme

License

MIT license
Activity

Stars

18 stars

Watchers

1 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages