CVE-2019-15972 Cisco UCM SQLi Scripts
Scripts that can be used to exploit CVE-2019-15972 which was an Authenticated SQLi issue in Cisco Unified Call Manager (UCM).
- Enumerate tables - enumerate all tables on the underlying database and place the table names in a text file
- Extract tables - take the list of tables and extract the contents of each table
- Related F-Secure advisory can be found here: https://labs.f-secure.com/advisories/cisco-ucm-informix-sql-injection/
- Details on how this vulnerability was discovered and exploited can be found here: https://labs.f-secure.com/blog/uncommon-sql-database-alert-informix-sql-injection/