| Field | Value |
|---|---|
| Title | For IP Tecnologia Ltda ForIP Tecnologia - Administração PABX 1.x SQL Injection |
| Description | A SQL injection vulnerability was found in the "usuario" parameter of the authentication form in the "ForIP Tecnologia - Administração PABX" application, where the value passed to the parameter is not sanitized by the application's backend, making SQL injection possible. As a result, an attacker can use the technique of closing the original SQL query and creating a condition that always evaluates to true, such as with the value `' OR 1=1 -- `, making it possible to log in with the first user in the database. Additionally, automated tools like SQLMAP can be used to perform a complete database dump.<br>By using Google, it is possible to find vulnerable applications. Searching for "ForIP Tecnologia - Administração PABX" reveals a host with the application exposed to the internet at: "https://165.x.x.x/". Additionally, using other techniques, such as searching Google for "LOGIN FORIP MANAGER", another exposed host can be found, also containing the vulnerability, at: "https://159.x.x.x/".<br>Using the sqlmap tool to perform a complete database dump: `sqlmap -u "https://{IP}:8443/login?usuario=admin&senha=123" --flush-session --ignore-code=401`<br>All versions of the product are affected by the vulnerabilities. |
| User | gabriel (UID 72007) |
| Submission | 17.07.2024 00:05 (2 years ago) |
| Moderation | 25.07.2024 11:53 (8 days later) |
| Status | Accepted |
| VulDB Entry | 272423 [ForIP Tecnologia Administração PABX 1.x Authentication Form /login usuario SQL Injection] |
| Points | 17 |
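The login bypass described in the submission, as an added example that is not part of the advisory or of the ForIP product: a string-concatenated login query beside its parameterised form, run against a constructed in-memory SQLite table. The table name, column names and sample users are assumptions; only the parameter names `usuario`/`senha` and the `' OR 1=1 -- ` value come from the submission.

```python
import sqlite3


def build_db():
    # Constructed stand-in for the PABX admin user table (schema is assumed).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE usuarios (usuario TEXT, senha TEXT)")
    con.executemany(
        "INSERT INTO usuarios VALUES (?, ?)",
        [("admin", "s3cret"), ("gabriel", "pabx2024")],
    )
    return con


def login_vulnerable(con, usuario, senha):
    # Request parameters are pasted into the SQL text. A quote in `usuario`
    # closes the string literal, `OR 1=1` makes the WHERE clause always true
    # and `--` comments out the password check, so the first row is returned.
    sql = (
        "SELECT usuario FROM usuarios WHERE usuario = '%s' AND senha = '%s'"
        % (usuario, senha)
    )
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(con, usuario, senha):
    # Parameterised query: the driver binds the values, the SQL text is fixed,
    # so the same input is compared literally against the column and matches nothing.
    sql = "SELECT usuario FROM usuarios WHERE usuario = ? AND senha = ?"
    row = con.execute(sql, (usuario, senha)).fetchone()
    return row[0] if row else None


def demo():
    con = build_db()
    payload = "' OR 1=1 -- "
    return {
        "vulnerable": login_vulnerable(con, payload, "wrong"),  # first user: "admin"
        "fixed": login_fixed(con, payload, "wrong"),            # None
        "legit": login_fixed(con, "admin", "s3cret"),           # "admin"
    }


if __name__ == "__main__":
    print(demo())
```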