CVE-2021-32099 Pandora_v7.0NG.742
Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell
Official Blog by the Author
Blog https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained
Usage :
usage: sqlpwn.py [-h] -t TARGET [-f FILENAME]
Exploiting Sqlinjection To impersonate Admin
optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
Host Ip for the Exploiting with target Port
-f FILENAME, --filename FILENAME
Filename for Shell Upload with php extension
7b304f3 @ 2024-11-15