Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-38130 PoC — Keysight Technologies Sensor Management Server SQL注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-38130.yaml
Associated Vulnerability
Title:Keysight Technologies Sensor Management Server SQL注入漏洞 (CVE-2022-38130)
Description:Keysight Technologies Sensor Management Server是美国Keysight Technologies公司的一种传感器管理服务器。 Keysight Technologies Sensor Management Server(SMS)存在安全漏洞,该漏洞源于未经身份验证的远程攻击者可以通过com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip()方法为数据库文件指定UNC路径从而有效地控制S
Description
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\<attacker-host>\sms\<attacker-db.zip>), effectively controlling the content of the database to be restored.
File Snapshot

 id: CVE-2022-38130

info:
  name: KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execut

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.