| Title | For IP Tecnologia Ltda ForIP Tecnologia - Administração PABX 1.x SQL Injection |
|---|---|
| Description | A SQL injection vulnerability was found in the "usuario" parameter of the authentication form in the "ForIP Tecnologia - Administração PABX" application, where the value passed to the parameter is not sanitized by the application's backend, making SQL injection possible. As a result, an attacker can use the technique of closing the original SQL query and creating a condition that always evaluates to true, such as with the value `' OR 1=1 -- `, making it possible to log in with the first user in the database. Additionally, automated tools like SQLMAP can be used to perform a complete database dump. By using Google, it is possible to find vulnerable applications. Searching for "ForIP Tecnologia - Administração PABX" reveals a host with the application exposed to the internet at "https://165.x.x.x/". Additionally, using other techniques, such as searching Google for "LOGIN FORIP MANAGER", another exposed host can be found, also containing the vulnerability, at "https://159.x.x.x/". Using the sqlmap tool to perform a complete database dump: `sqlmap -u "https://{IP}:8443/login?usuario=admin&senha=123" --flush-session --ignore-code=401`. All versions of the product are affected by the vulnerabilities. |
| User | gabriel (UID 72007) |
| Submitted | 2024-07-17 12:05 AM (2 years ago) |
| Moderation | 2024-07-25 11:53 AM (8 days later) |
| Status | Accepted |
| VulDB Entry | 272423 [ForIP Tecnologia Administração PABX 1.x Authentication Form /login usuario SQL Injection] |
| Points | 17 |
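The description above explains the failure mode in one sentence: the `usuario` value is pasted into the SQL text, so a quote closes the string literal and `OR 1=1 --` turns the WHERE clause into a tautology, returning the first user row. The following is an added example, not code from the submission or from ForIP Tecnologia, that reproduces that behaviour against a constructed in-memory SQLite table and places the parameterized form beside it. The table and column names (`usuarios`, `usuario`, `senha`) and the plaintext passwords are assumptions made only to keep the demonstration self-contained; a real login would also compare a password hash rather than the stored secret.

```python
import sqlite3

# Constructed sample data: a minimal user table standing in for the PABX
# application's real schema, which this example does not know.
SAMPLE_USERS = [
    ("admin", "correct-horse"),   # first row in the table
    ("operador", "s3cret"),
]

# The exact payload quoted in the submission.
BYPASS_PAYLOAD = "' OR 1=1 -- "


def make_db():
    """Create an in-memory SQLite database with the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE usuarios (id INTEGER PRIMARY KEY, usuario TEXT, senha TEXT)"
    )
    conn.executemany(
        "INSERT INTO usuarios (usuario, senha) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, usuario, senha):
    """The defect described on the page: user input becomes SQL text.

    With usuario = "' OR 1=1 -- " the statement sent to the database is
      SELECT usuario FROM usuarios WHERE usuario = '' OR 1=1 -- ' AND senha = '...'
    The trailing part is commented out and the first row is returned.
    """
    query = (
        "SELECT usuario FROM usuarios "
        f"WHERE usuario = '{usuario}' AND senha = '{senha}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, usuario, senha):
    """The fix: bind values as parameters so they can never alter the query."""
    row = conn.execute(
        "SELECT usuario FROM usuarios WHERE usuario = ? AND senha = ?",
        (usuario, senha),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both variants with a legitimate login and with the bypass payload."""
    conn = make_db()
    return {
        "vulnerable_legit": login_vulnerable(conn, "admin", "correct-horse"),
        "vulnerable_bypass": login_vulnerable(conn, BYPASS_PAYLOAD, "123"),
        "parameterized_legit": login_parameterized(conn, "admin", "correct-horse"),
        "parameterized_bypass": login_parameterized(conn, BYPASS_PAYLOAD, "123"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block prints `admin` for both legitimate logins, `admin` for the vulnerable bypass (the "first user in the database" the submission mentions) and `None` for the parameterized bypass. In the parameterized version the payload is compared literally against the `usuario` column, which is also why a bound parameter needs no quote escaping or blocklisting to be safe.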