- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9819
- Проверка EDB
-
- Пройдено
- Автор
- CRASHBRZ
- Тип уязвимости
- WEBAPPS
- Платформа
- MULTIPLE
- CVE
- null
- Дата публикации
- 2009-09-25
Код:
Engeman is a Brasilian software for maintenance control.
Version tested: 6.x.x and prior. Next versions appears vulnerable too.
The attacker can inject sql codes in username textbox:
SQL dump affter injection:
select nome,senha,diasexp,dataltsen,permitetroca from cfgusr where nome='NULL' OR NOME<>'1'
select nomegrupo from cfgusr where ignoragrupo='N' and nome='NULL' OR NOME='1'
In firebird the attack have a low impact, but in SQL Server may compromisse the server.
**** The version tested is a made in DELPH language, NOT is a Web Software! ****
Vendor site: www.engeman.com.br.
Plase, give the credits to: Crash and _Sl0t_ - DcLabs
Trank´s.- Источник
- www.exploit-db.com
