module
Pimcore Gather Credentials via SQL Injection
| Disclosed |
|---|
| Aug 13, 2018 |
Disclosed
Aug 13, 2018
Description
This module extracts the usernames and hashed passwords of all users of
the Pimcore web service by exploiting a SQL injection vulnerability in
Pimcore's REST API.
Pimcore begins to create password hashes by concatenating a user's
username, the name of the application, and the user's password in the
format USERNAME:pimcore:PASSWORD.
The resulting string is then used to generate an MD5 hash, and then that
MD5 hash is used to create the final hash, which is generated using
PHP's built-in password_hash function.
the Pimcore web service by exploiting a SQL injection vulnerability in
Pimcore's REST API.
Pimcore begins to create password hashes by concatenating a user's
username, the name of the application, and the user's password in the
format USERNAME:pimcore:PASSWORD.
The resulting string is then used to generate an MD5 hash, and then that
MD5 hash is used to create the final hash, which is generated using
PHP's built-in password_hash function.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.