I discovered and submitted a nice easy CVE a few weeks back (CVE-2021-43329). I did notify the vendor, who has patched legitimate future versions. There’s a remote unauthenticated SQL injection in license_update.php (located on the web root) on all versions <= 2.93. It’s an error-based blind SQLi which you can do manually, but if you’re feeling lazy just feed the request to sqlmap. Here’s a link to the vuln in case anyone receives an invitation to test the software, or for some odd reason it comes up in a penetration test:
Cool finding!
Senior Penetration Tester at Westpac Group, Co-founder & Cyber Mentor | OSCP | CISSP | ISO 27001 LA & LI |
Nice work mate!