Skip to content
/ cs4239-cve-2020-15873 Public

Proof of Concept of CVE-2020-15873 - Blind SQL Injection in Librenms < v1.65.1

0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

limerencee/cs4239-cve-2020-15873

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
README.md
README.md
 
 
env-setup.sh
env-setup.sh
 
 
poc.py
poc.py
 
 
start.sh
start.sh
 
 
stop.sh
stop.sh
 
 

Repository files navigation

CVE-2020-15873

Proof of Concept of CVE-2020-15873 - Blind SQL Injection in Librenms < v1.65.1

Pre-requisites

  1. Python2.7 with Pip and BeautifulSoup4
  2. Docker with LibreNMS Container
  3. Login to the web application and create a device using the GUI, setting the host to 127.0.0.1.

Usage (ensure that LibreNMS is started)

$ python poc.py <ip addr:8000> librenms librenms

Development

Debugging LibreNMS Docker Instance

  1. Obtain a shell to the container:

    $ sudo docker exec -it librenms_vuln /bin/bash

  2. To read the logs generated by LibreNMS:

    $ tail -f /opt/librenms/logs/librenms.log

Debugging MariaDB Docker Instance

  1. Obtain a shell to the container:

    $ sudo docker exec -it librenms_db_vuln /bin/bash

  2. To experiment with the database:

    $ mysqld;
mysql> use librenms;
mysql> show tables;
mysql> SELECT * FROM users;

About

Proof of Concept of CVE-2020-15873 - Blind SQL Injection in Librenms < v1.65.1

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages