Month: January 2020

OmniCenter 12.1.1 SQL Injection

By Luis Rios OmniCenter 12.1.1 and below (and 12.0.8 and below) is affected by an unauthenticated SQL Injection (Boolean Based Blind). The injection allows an attacker to read sensitive information from the database used by the application. Background During the course of a penetration test, we encountered the OmniCenter application.  An Internet search showed no …

OmniCenter 12.1.1 SQL InjectionRead More »