| Title | Quantico Tecnologia PRMV 6.48 Time Based Blind SQL Injection |
|---|
| Description | Time-Based Blind SQL Injection in PRMV 6.48
Vendor: Quantico Tecnologia
Product: PRMV
Version Affected: 76.48
Reference: https://www.qtec.net.br/v2/crbst_5.html
Vulnerability Type: Time-Based Blind SQL Injection
Description:
A Time-Based Blind SQL Injection vulnerability has been discovered in PRMV, a software solution developed by Quantico Tecnologia. The issue resides in the login endpoint:
/admin/login.php
The parameter username is vulnerable to SQL Injection, allowing an attacker to manipulate database queries. By injecting a time delay, it was confirmed that the database is processing unauthorized SQL commands.
Payload: ' AND (SELECT 1 FROM (SELECT(SLEEP(2)))A) AND 'A'='A
Proof of Concept (PoC):
POST /rotsat/admin/login.php HTTP/1.1
Host: X.X.X.X
btnSubmit=Login&username=a'+AND+(SELECT+1+FROM+(SELECT(SLEEP(2)))a)+AND+'a'='a&password=a&value_captcha_1=&g-recaptcha-response=
--
The server’s response time increases by approximately 5 seconds, indicating that the injected SQL command was executed successfully. This confirms that the application is vulnerable to time-based blind SQL injection.
Impact:
An attacker exploiting this vulnerability can:
Extract sensitive database information, such as user credentials.
Bypass authentication mechanisms.
Modify or delete data within the database.
Chain the attack with other vulnerabilities for further exploitation.
Since this is a blind SQL Injection, attackers can iteratively extract data by analyzing response times.
By: Yago Martins |
|---|
| Source | https://github.com/yago3008/cves |
|---|
| User | y4g0 (UID 80480) |
|---|
| Submission | 2025. 02. 25. PM 09:27 (1 year ago) |
|---|
| Moderation | 2025. 03. 08. AM 08:37 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 299013 [Quantico Tecnologia PRMV 6.48 Login Endpoint /admin/login.php username SQL injection] |
|---|
| Points | 20 |
|---|
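
Added example (not part of the original submission and not vendor code): a log-review check for the request pattern the description reports, a delay function in the `username` field of a POST to `/admin/login.php` followed by a slow response. The record layout (path, form body, response time), the 2-second threshold and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Time-delay primitives commonly seen in time-based blind SQLi probes
# (MySQL SLEEP/BENCHMARK, PostgreSQL pg_sleep, MSSQL WAITFOR DELAY).
DELAY_RE = re.compile(
    r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE
)
LOGIN_PATH_SUFFIX = "/admin/login.php"  # endpoint named in the advisory
SLOW_SECONDS = 2.0                      # assumed latency threshold


def inspect_login(path, body, duration):
    """Return a list of findings for one logged POST to the login endpoint."""
    findings = []
    if not path.endswith(LOGIN_PATH_SUFFIX):
        return findings
    # parse_qs decodes '+' and %XX, so encoded payloads are normalised first.
    fields = parse_qs(body, keep_blank_values=True)
    for value in fields.get("username", []):
        if DELAY_RE.search(value):
            findings.append("delay-function-in-username")
        if "'" in value:
            findings.append("quote-in-username")
    # Latency only counts as corroboration when the input already looks hostile.
    if findings and duration >= SLOW_SECONDS:
        findings.append("slow-response")
    return findings


# Constructed sample records: (path, form body, response time in seconds).
SAMPLE_LOG = [
    ("/rotsat/admin/login.php",
     "btnSubmit=Login&username=alice&password=x", 0.08),
    ("/rotsat/admin/login.php",
     "btnSubmit=Login&username=a'+AND+(SELECT+1+FROM+(SELECT(SLEEP(2)))a)"
     "+AND+'a'='a&password=a", 5.1),
    ("/rotsat/admin/login.php",
     "btnSubmit=Login&username=a%27%20AND%20sleep%282%29--%20&password=a", 2.2),
    ("/rotsat/index.php", "q=sleep(2)", 0.05),
]


def scan(log):
    """Return (record index, findings) for every record with findings."""
    return [(i, f) for i, rec in enumerate(log) if (f := inspect_login(*rec))]


if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_LOG):
        print(idx, findings)
```

Pattern matching like this only helps triage logs; the fix for the reported issue is to bind `username` as a query parameter in the login code rather than concatenating it into SQL.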