/cs4239-cve-2020-15873

Proof of Concept of CVE-2020-15873 - Blind SQL Injection in LibreNMS < v1.65.1

CVE-2020-15873

Pre-requisites

  1. Python 2.7 with pip and BeautifulSoup4
  2. Docker with LibreNMS Container
  3. Login to the web application and create a device using the GUI, setting the host to 127.0.0.1.

Usage (ensure that LibreNMS is started)

$ python poc.py <ip addr:8000> librenms librenms

Development

Debugging LibreNMS Docker Instance

  1. Obtain a shell to the container:

    $ sudo docker exec -it librenms_vuln /bin/bash

  2. To read the logs generated by LibreNMS:

    $ tail -f /opt/librenms/logs/librenms.log

Debugging MariaDB Docker Instance

  1. Obtain a shell to the container:

    $ sudo docker exec -it librenms_db_vuln /bin/bash

  2. To experiment with the database:

    $ mysql
    mysql> use librenms;
    mysql> show tables;
    mysql> SELECT * FROM users;