OpenSTAManager, SQL Injection, CVE-2024-xxxx (Critical)

Listen to this Post

The vulnerability exists in `/modules/stampe/actions.php` within the `update` case. User-controlled input from the `module` POST parameter is directly concatenated into an SQL `UPDATE` query without sanitization or prepared statements. While the `predefined` parameter is validated with intval(), the `module` parameter only undergoes an `!empty()` check. This allows an authenticated attacker to inject arbitrary SQL commands. The exploit uses error-based techniques with MySQL’s UPDATEXML(), EXTRACTVALUE(), or `GTID_SUBSET()` functions. By crafting a malicious payload in the `module` parameter, the attacker forces the database to execute SQL and return results within MySQL error messages, enabling data exfiltration.
Platform: OpenSTAManager
Version: Vulnerable versions
Vulnerability: SQL Injection
Severity: Critical
date: 2024-05-17

Prediction: Patch within 30 days

What Undercode Say:

python3 exploit_stampe_sqli.py -u admin -p password --url http://target
$dbo->query('UPDATE `zz_prints` SET `predefined` = 0 WHERE `id_module` = '.post('module'));

How Exploit:

Authenticated attack required. Attacker sends POST request to `/modules/stampe/actions.php` with malicious `module` payload. Exploit uses `UPDATEXML()` for error-based data extraction. Script automates login, injection, and parsing of error messages containing database information.

Protection from this CVE

Use prepared statements. Apply input validation. Sanitize `module` parameter. Update to patched version. Implement WAF rules.

Impact:

Data exfiltration possible. Authentication bypass potential. Full database compromise. Admin hash extraction. Complete system takeover.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top