CVE-2020-15873 PoC — LibreNMS SQL Injection Vulnerability

Source
Associated Vulnerability
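Title: LibreNMS SQL Injection Vulnerability (CVE-2020-15873)
Description: LibreNMS is an open-source network monitoring system based on PHP and MySQL. Its features include custom alerting, automatic discovery of the network environment, and automatic updates. LibreNMS versions before 1.65.1 contain a SQL injection vulnerability. The vulnerability stems from a database-backed application's lack of validation of externally supplied SQL statements. An attacker can exploit it to execute illegal SQL commands.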
Description
Proof of Concept of CVE-2020-15873 - Blind SQL Injection in LibreNMS < v1.65.1
Readme
# CVE-2020-15873
Proof of Concept of CVE-2020-15873 - Blind SQL Injection in LibreNMS < v1.65.1

## Pre-requisites
1. Python 2.7 with pip and BeautifulSoup4
2. Docker with [LibreNMS Container](https://hub.docker.com/r/librenms/librenms/)
3. Login to the web application and create a device using the GUI, setting the host to `127.0.0.1`.

## Usage (ensure that LibreNMS is started)
`$ python poc.py <ip addr:8000> librenms librenms`

## Development
### Debugging LibreNMS Docker Instance
1. Obtain a shell to the container:

    `$ sudo docker exec -it librenms_vuln /bin/bash`

2. To read the logs generated by LibreNMS:

    `$ tail -f /opt/librenms/logs/librenms.log`

### Debugging MariaDB Docker Instance
1. Obtain a shell to the container:
    
    `$ sudo docker exec -it librenms_db_vuln /bin/bash`

2. To experiment with the database:

    ```bash
    $ mysql   # client shell (the mysqld server is already running in this container)
    mysql> use librenms;
    mysql> show tables;
    mysql> SELECT * FROM users;
    ```
File Snapshot

[4.0K] /data/pocs/c0822c05f4a1948cd28d9bad7207bd4a2d94469f
├── [ 926] env-setup.sh
├── [5.2K] poc.py
├── [ 962] README.md
├── [ 430] start.sh
└── [ 329] stop.sh

0 directories, 5 files