CVE-2020-10220
The target rConfig instance is vulnerable to CVE-2020-10220 due to its outdated version.
A vulnerability was found in rConfig up to 3.9.4 and has been declared critical. It affects unknown code in the file commands.inc.php of the Web Interface component. Manipulating the searchColumn parameter leads to SQL injection. The vulnerability is tracked as CVE-2020-10220. The attack can be initiated remotely, and an exploit is available.
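A defender-side check for the issue described above, as an added example that is not part of the original notes or of rConfig: it scans web-server access-log lines for requests to commands.inc.php whose searchColumn value is not a bare column identifier. The log lines, client addresses and the identifier rule are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate searchColumn value is a bare SQL column identifier,
# so anything containing spaces, quotes, parentheses or comments is flagged.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")
# Request field of a combined-format access-log line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_search_columns(log_lines):
    """Return (client_ip, decoded_value) for each commands.inc.php request
    whose searchColumn parameter is not a plain identifier.
    Only query-string parameters are visible in access logs."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/commands.inc.php"):
            continue
        # parse_qs percent-decodes values and keeps repeated parameters
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("searchColumn", []):
            if not IDENT.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation address ranges, generic values)
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /commands.inc.php?searchColumn=command&search=search HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /commands.inc.php?searchColumn=command%20UNION%20SELECT%201 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] '
    '"GET /commands.inc.php?searchColumn=a&searchColumn=b%27-- HTTP/1.1" 200 90',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /login.php?searchColumn=x%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, value in suspicious_search_columns(SAMPLE):
        print(f"{ip}\t{value!r}")
```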
Exploit
Original exploit repository located
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/quackerJack]
└─$ git clone https://github.com/v1k1ngfr/exploits-rconfig ; cd exploits-rconfig
Cloning into 'exploits-rconfig'...
remote: Enumerating objects: 100, done.
remote: Counting objects: 100% (100/100), done.
remote: Compressing objects: 100% (96/96), done.
remote: Total 100 (delta 44), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (100/100), 33.75 KiB | 2.11 MiB/s, done.
Resolving deltas: 100% (44/44), done.
Cloning the exploit repo to Kali
Modification
Fixing line 67 of the rconfig_sqli.py file so that it does not verify the self-signed certificate