| Title | benner modernanet < 1.1.1 sqli |
|---|
| Description | Title: Blind Boolean-Based SQL Injection in ModernaNet by Benner (< 1.1.1)
Vendor: Benner
Affected Product: ModernaNet
Affected Versions: < 1.1.1
Vulnerability Type: Blind Error-Based SQL Injection
CVSS Score: 7.5
Summary:
A Blind Error-Based SQL Injection vulnerability has been identified in the ModernaNet system by Benner, affecting versions prior to 1.1.1. The vulnerability exists in the 'convenio' parameter of the following endpoint:
/AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=5&pesfis=01&idprofissional=0&target=.horarios--dia--d0&_=1739371223797
An attacker can exploit this vulnerability to infer database information using Error-based SQL Injection techniques.
Exploitation:
The vulnerability can be exploited using the following payload:
CASE WHEN (SUBSTRING(DB_NAME(),X,1))='Y' THEN 1/0 ELSE 0 END
If the guessed character is correct, the error is shown and the response length is greater.
If not, the response length is smaller.
This allows an attacker to extract database information one character at a time, simply by changing X to the character index within the database name and Y to the character being tested.
Impact:
No authentication or privileges are required.
The attack can be performed remotely.
The attacker can infer database schema details, potentially leading to further exploitation.
CVSS recommendation: 7.5 (HIGH)
By: Yago Martins |
|---|
| Source | ⚠️ https://github.com/yago3008/cves |
|---|
| User | y4g0 (UID 80480) |
|---|
| Submission | 02/12/2025 21:10 (1 Year ago) |
|---|
| Moderation | 02/24/2025 18:22 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 296691 [Benner ModernaNet up to 1.1.0 sql injection] |
|---|
| Points | 20 |
|---|
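
For defenders reviewing web-server logs for the behaviour described in this submission, the following added example (not part of the submission or of the vendor's code) flags requests to the affected endpoint whose `convenio` value is not a plain integer, and groups them by client to surface the repeated one-character-at-a-time pattern. The combined log format, the integer-only rule for `convenio`, the threshold and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/AGE0000700/GetHorariosDoDia"  # endpoint named in the advisory
PARAM = "convenio"                         # parameter named in the advisory
# Assumption: a legitimate value is a short decimal id, like the "1" in the advisory's URL.
VALID_ID = re.compile(r"\d{1,10}")
# Assumption: combined log format -> ip ident user [time] "METHOD target PROTO" status bytes
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} (\d+|-)')

def suspicious_requests(lines):
    """Return (client_ip, response_bytes, decoded_value) for each request to
    ENDPOINT whose convenio value is not a plain integer."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, target, size = m.groups()
        url = urlsplit(target)
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes and maps '+' to space, so encoded input is checked in clear.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not VALID_ID.fullmatch(value):
                hits.append((ip, int(size) if size.isdigit() else 0, value))
    return hits

def probing_clients(hits, threshold=3):
    """Clients that sent at least `threshold` malformed values: the repeated,
    one-character-at-a-time request pattern the advisory describes."""
    counts = Counter(ip for ip, _size, _value in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample log lines (not real traffic). The malformed value is the
# advisory's payload pattern, URL-encoded, with its X and Y placeholders kept.
_PATTERN = "CASE+WHEN+(SUBSTRING(DB_NAME(),X,1))%3D%27Y%27+THEN+1/0+ELSE+0+END"
SAMPLE = [
    f'198.51.100.7 - - [12/Feb/2025:21:00:0{i} +0000] '
    f'"GET {ENDPOINT}?idespec=0&{PARAM}={_PATTERN}&idplano=5 HTTP/1.1" 200 {size}'
    for i, size in enumerate((5120, 812, 5120))
] + [
    f'203.0.113.9 - - [12/Feb/2025:21:00:05 +0000] "GET {ENDPOINT}?{PARAM}=1&idplano=5 HTTP/1.1" 200 790',
    f'203.0.113.9 - - [12/Feb/2025:21:00:06 +0000] "GET /other?{PARAM}=x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    hits = suspicious_requests(SAMPLE)
    for ip, size, value in hits:
        print(ip, size, value)
    print(probing_clients(hits))
```

The same integer-only check, applied server-side before the value reaches any query, rejects this class of input outright; the alternating response sizes recorded per hit correspond to the length difference the submission describes.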