WebERP SQL injection Vulnerability Description

Testing Target


SalesInquiry.php has an SQL injection vulnerability in the SortBy parameter: the value is appended to the ORDER BY clause, so the sleep function or other functions can be injected after the ORDER BY.


  1. First, download the latest version from the official website and view the source code of /webERP/SalesInquiry.php.

  2. In the SalesInquiry.php source we found that the SortBy parameter is vulnerable to SQL injection at line 222.

  3. We then use the webERP Demo Company to test the SQL injection.

  4. Choose the Sales Order Detail or Summary Inquiries feature.

  5. Adjust the date to an earlier date so that the inquiry returns results.

  6. Here a total of 9 records are found; remember this number, as it is a key point.

  7. Repeat the above steps to adjust the date, and use Burp Suite to intercept the request.

  8. Insert a sample SQL injection payload into the SortBy parameter.

  • Payload: and sleep(1)
  9. Notably, if you set sleep to 1 second, the delay is seconds * total number of records, because sleep() is evaluated once per row:
  • sleep(1) * 9 = 9 sec
  • sleep(2) * 9 = 18 sec
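The root cause above is a user-controlled sort column being concatenated into ORDER BY. Column names cannot be bound as prepared-statement parameters, so the fix is to map the request value onto a fixed allowlist. The following is an added example of that pattern, not webERP's own code; the SORT_COLUMNS entries and the salesOrderQuery() helper are hypothetical.

```php
<?php
// Added example (not webERP's code): safe handling of a user-supplied
// ORDER BY selector such as the SortBy request parameter.

// Hypothetical allowlist: request key => the exact SQL fragment allowed to be emitted.
const SORT_COLUMNS = [
    'orderno'  => 'salesorders.orderno',
    'orddate'  => 'salesorders.orddate',
    'customer' => 'debtorsmaster.name',
];

/**
 * Return a safe ORDER BY clause for the given request value.
 * Anything not in the allowlist falls back to the default column instead of
 * being concatenated into the query, so a value like "orderno and sleep(1)"
 * never reaches the database.
 */
function safeOrderBy(?string $sortBy, string $default = 'orderno'): string
{
    $key = strtolower(trim((string) $sortBy));
    if (!array_key_exists($key, SORT_COLUMNS)) {
        // Record the rejected value for detection; hex-encode it so log injection is not possible.
        error_log('Rejected SortBy value: ' . bin2hex($key));
        $key = $default;
    }
    return ' ORDER BY ' . SORT_COLUMNS[$key];
}

// Hypothetical query builder: the base statement is fixed, only the allowlisted
// ORDER BY fragment is appended.
function salesOrderQuery(?string $sortBy): string
{
    return 'SELECT salesorders.orderno, salesorders.orddate, debtorsmaster.name '
         . 'FROM salesorders INNER JOIN debtorsmaster '
         . 'ON salesorders.debtorno = debtorsmaster.debtorno'
         . safeOrderBy($sortBy);
}

// Demonstration on constructed inputs.
echo salesOrderQuery('orddate') . PHP_EOL;                // ORDER BY salesorders.orddate
echo salesOrderQuery('orddate and sleep(1)') . PHP_EOL;   // falls back to salesorders.orderno
echo salesOrderQuery($_GET['SortBy'] ?? null) . PHP_EOL;  // typical request handling
```

Because the request value is only ever used as a lookup key, the per-row sleep() delay described above cannot occur regardless of what the client sends.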