Skip to content
/ Pandora_v7.0NG.742_exploit_unauthenticated Public

Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

License

MIT license
20 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

shyam0904a/Pandora_v7.0NG.742_exploit_unauthenticated

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
sqlpwn.py
sqlpwn.py
 
 

Repository files navigation

CVE-2021-32099 Pandora_v7.0NG.742

Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell

Official Blog by the Author

Blog https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained

Usage :

usage: sqlpwn.py [-h] -t TARGET [-f FILENAME]

Exploiting Sqlinjection To impersonate Admin

optional arguments:
-h, --help            show this help message and exit
-t TARGET, --target TARGET
                      Host Ip for the Exploiting with target Port 
-f FILENAME, --filename FILENAME
                      Filename for Shell Upload with php extension

About

Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

Topics

rce cve pandora sqlinjection

Resources

Readme

License

MIT license
Activity

Stars

20 stars

Watchers

1 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages