CVE-2020-15873 PoC — LibreNMS SQL注入漏洞

Source

https://github.com/limerencee/cs4239-cve-2020-15873

Associated Vulnerability

Title:LibreNMS SQL注入漏洞 (CVE-2020-15873)
Description:In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.

Description

Proof of Concept of CVE-2020-15873 - Blind SQL Injection in Librenms < v1.65.1

Readme

# CVE-2020-15873
Proof of Concept of CVE-2020-15873 - Blind SQL Injection in Librenms &lt; v1.65.1

## Pre-requisites
1. Python2.7 with Pip and BeautifulSoup4
2. Docker with [LibreNMS Container](https://hub.docker.com/r/librenms/librenms/)
3. Login to the web application and create a device using the GUI, setting the host to `127.0.0.1`.

## Usage (ensure that LibreNMS is started)
`$ python poc.py <ip addr:8000> librenms librenms`

## Development
### Debugging LibreNMS Docker Instance
1. Obtain a shell to the container:

    `$ sudo docker exec -it librenms_vuln /bin/bash`

2. To read the logs generated by LibreNMS:

    `$ tail -f /opt/librenms/logs/librenms.log`

### Debugging MariaDB Docker Instance
1. Obtain a shell to the container:
    
    `$ sudo docker exec -it librenms_db_vuln /bin/bash`

2. To experiment with the database:

    ```bash
    $ mysqld;
    mysql> use librenms;
    mysql> show tables;
    mysql> SELECT * FROM users;
    ```

File Snapshot


 [4.0K]  /data/pocs/c0822c05f4a1948cd28d9bad7207bd4a2d94469f
├── [ 926]  env-setup.sh
├── [5.2K]  poc.py
├── [ 962]  README.md
├── [ 430]  start.sh
└── [ 329]  stop.sh

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!