Run Python3 exploit code
$ python3 ex.py [Target IP Address]
minidlnad is running on TCP port 8200.
This daemon contains a SQL injection vulnerability in its handling of X_SetBookmark.
...
if ( sub_191D8(
dword_57B50,
"INSERT OR REPLACE into BOOKMARKS VALUES ((select DETAIL_ID from OBJECTS where OBJECT_ID = '%q'), %q)",
v2,
v3) )
...
Using the SQL injection, we can execute arbitrary SQL queries, including the ATTACH DATABASE statement.
We can create a database whose file extension is php and whose content contains PHP web shell code.
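The following is an added example, not part of the original write-up or the exploit. It contrasts the statement shape shown above, where the second %q sits outside quotes, with a bound-parameter form plus an authorizer that refuses ATTACH. The reduced schema, the sample rows and all Python function names are constructed for illustration, and q_escape only emulates the quote doubling that %q performs.

```python
import sqlite3

def q_escape(value: str) -> str:
    """Emulate SQLite's %q: double each single quote, add no surrounding quotes."""
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    # Constructed two-table schema, reduced to the columns the statement touches.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE OBJECTS (OBJECT_ID TEXT, DETAIL_ID INTEGER);
        CREATE TABLE BOOKMARKS (ID INTEGER PRIMARY KEY, SEC INTEGER);
        INSERT INTO OBJECTS VALUES ('64$1', 7), ('64$2', 8);
    """)
    return db

def set_bookmark_vulnerable(db, object_id: str, pos_second: str) -> None:
    # Same shape as the format string above: the second %q sits outside quotes,
    # so whatever the client sends there is parsed as SQL, not as a value.
    db.execute(
        "INSERT OR REPLACE into BOOKMARKS VALUES ((select DETAIL_ID from OBJECTS "
        "where OBJECT_ID = '%s'), %s)" % (q_escape(object_id), q_escape(pos_second)))

def set_bookmark_hardened(db, object_id: str, pos_second: str) -> None:
    # Reject anything that is not a plain decimal number, then bind both values.
    if not (pos_second.isascii() and pos_second.isdigit()):
        raise ValueError("bookmark position must be a non-negative integer")
    db.execute(
        "INSERT OR REPLACE INTO BOOKMARKS VALUES ((SELECT DETAIL_ID FROM OBJECTS "
        "WHERE OBJECT_ID = ?), ?)", (object_id, int(pos_second)))

def deny_attach(db) -> None:
    # Defense in depth: this connection never needs ATTACH, so refuse it.
    db.set_authorizer(lambda action, *_: sqlite3.SQLITE_DENY
                      if action == sqlite3.SQLITE_ATTACH else sqlite3.SQLITE_OK)

def stored_position(db, detail_id: int):
    row = db.execute("SELECT SEC FROM BOOKMARKS WHERE ID = ?", (detail_id,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    set_bookmark_vulnerable(db, "64$1", "(select count(*) from OBJECTS)")
    print("vulnerable path stored:", stored_position(db, 7))  # subquery result, not input text
    set_bookmark_hardened(db, "64$2", "42")
    print("hardened path stored:", stored_position(db, 8))
```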
- Zachary Cutlip (@zcutlip): Original discovery
- Insu Yun, Seunghyun Kim, Gyeongwon Kim: Exploit writing