Open richnadeau opened 2 years ago
Did some research today on what instance SQLi vulnerability I will be setting up next, I am planning to try and install this MySQL Squid Access vulnerability on a CentOS box soon. Sent this link to Devin as well to make sure this is a good exploit to look into for what he is looking for.
Tried to get MySQL Squid Access vulnerability installed and configured today. Could not get it working unfortunately and will need to pivot to another SQL injection.
Tried to install a couple more SQL injections today with no luck on the Installation process. YouPHPtube 7.2 and Jobberbase 2.0 amongst a few of the apps I got stumped on tonight. Shot Devin a message to see if he could point me in the right direction for an SQL injection.
Got good progress done on TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit) exploit that Devin sent me today. Am now running into an issue during installation (screenshot below) where it says Warning: mysqli::mysqli(): Headers and client library minor version mismatch. Headers:50564 Library:50651 in /var/www/html/teemip/web/core/cmdbsource.class.inc.php on line 86
. Tried looking into this for the past few hours with no luck so far. Next time, I am going to try and maybe install on CentOS8 box instead of CentOS7 to see if its a version issue with php or mysql-server/mysqld. Will update Devin on progress tomorrow during AM meeting.
Used Rocky 8.4 and was able to get the vulnerable version of TeemIP installed properly yesterday. Now I am onto figuring out how to exploit the vulnerability.
Currently stuck on attempting to exploit the box. I am stuck with this error when trying to run the Metasploit module given on the exploit-db page. Even though my TeemIP version is 2.3.1 (which is the one given by exploit db as well. Going to try a few things this weekend.
Got the exploit working for this box. Now I have to document/make a storyboard/ansibilize this box.
Documented Configuration and exploitation of the box. Now need to ansibilize and storyboard this.
Need to research and create and SQL injection box for Devin. This cannot be on Ubuntu, needs to be different distro.