.. / CVE-2020-10547

Exploit for rConfig 3.9.4 - SQL Injection (CVE-2020-10547)

Description:

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes’ passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.

Nuclei Template

View the template here CVE-2020-10547.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-10547.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-10547
https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
https://github.com/theguly/exploits
https://github.com/ARPSyndicate/kenzer-templates
https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/

.. / CVE-2020-10547 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for rConfig 3.9.4 - SQL Injection (CVE-2020-10547)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-10547