Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections - 1592

Mehdi Elyassa - Synacktiv, Posted 1 Year Ago
  • Microsoft Configuration Manager (MCM) is a systems management software by Microsoft. It manages computers with remote control, patch management, etc. If you find a bug, it's a really bad day for the administrators that use it!
  • The requests to this server are made over HTTP. While reverse engineering LocationMgr.dll, the researchers found that some of the client-supplied input was not being properly sanitized. In what way? It was used directly in a SQL query!
  • The content is XML that is zipped. The input used for exploitation is a user GUID. The author wrote a nice Python script to make exploitation easy with a simple web request.
  • Using SQL injection, it's possible to create a new user account and set their role on the database. Deployment information can now be changed to execute arbitrary commands on all linked systems and bash commands via SQL on the server itself.
  • They found one more very similar SQL injection vulnerability as well. One way or another, finding bugs like this takes effort. Sometimes it's a crazy vulnerability; other times it's hours of reverse engineering. You gotta put the work in, or the bug you're looking for has already been found.