I discovered and submitted a nice easy CVE a few weeks back (CVE-2021-43329). I did notify the vendor, who has patched legitimate future versions. There’s a remote unauthenticated SQL injection in license_update.php (located on the web root) on all versions <= 2.93. It’s an error-based blind SQLi which you can do manually, but if you’re feeling lazy just feed the request to sqlmap. Here’s a link to the vuln in case anyone receives an invitation to test the software, or for some odd reason it comes up in a penetration test:
Cool finding!
Nice work mate!