WebERP SQL injection Vulnerability Description
- Author: YU-HSIANG HUANG, YUNG-HAO TSENG, Eddie TC CHANG
- Contact: huang.yuhsiang.phone@gmail.com; 0xuhaw@gmail.com; eddietcchang@gmail.com
Testing Target
- Product: webERP 4.15
- Last updated: 2018/05/21
- Official Website: http://www.weberp.org/
- Github: https://github.com/webERP-team/webERP
Abstract
CollectiveWorkOrderCost.php has a SQL injection vulnerability in the SearchParts parameter. As an example, the injection can be used to infer the database version and the database user.
Concept
- First, we download the latest version from the official website and build the default demo environment, then log in with the default account and password.
- Click Manufacturing -> Multiple Work Orders Total Cost Inquiry, which opens the CollectiveWorkOrderCost.php page.
- On this page, click "Search Items Now" and intercept the request with Burp Suite.
- Insert the SQL injection payload after the SearchParts parameter.
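For defenders who cannot patch immediately, a first detection step is to review web-server access logs for SQL syntax in the SearchParts parameter of this endpoint. The following is an added example, not code from the advisory or from the webERP project; the log lines are constructed in Apache combined format, the endpoint and parameter names come from the advisory, and the indicator regex is a starting point that should be tuned against legitimate part descriptions in your own data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [21/May/2018:10:01:12 +0800] "GET /webERP/CollectiveWorkOrderCost.php?SearchParts=bolt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [21/May/2018:10:02:40 +0800] "GET /webERP/CollectiveWorkOrderCost.php?SearchParts=bolt%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [21/May/2018:10:03:05 +0800] "GET /webERP/StockStatus.php?StockID=bolt%27 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.5 - - [21/May/2018:10:04:00 +0800] "GET /webERP/CollectiveWorkOrderCost.php?SearchParts=m8%20washer HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Minimal parser for the fields we need from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# Characters and keywords that should never appear in a part-description search:
# string terminators, comment markers, set operators and common DB information functions.
# Tune this against real legitimate searches; e.g. "#10 screw" would trip the "#" rule.
SQLI_RE = re.compile(
    r"""['"`;]|--|#|/\*|\b(union|select|sleep|benchmark)\b|\b(version|user|database)\s*\(|@@""",
    re.IGNORECASE,
)


def flag_searchparts(log_text, endpoint="CollectiveWorkOrderCost.php", param="SearchParts"):
    """Return a list of suspicious requests to `endpoint` whose `param` value looks like SQL.

    Values are percent-decoded before matching, so encoded quotes (%27) are caught.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        if not parts.path.endswith("/" + endpoint):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            if SQLI_RE.search(value):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "value": value})
    return hits


if __name__ == "__main__":
    for hit in flag_searchparts(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} SearchParts={hit['value']!r}")
```

The same function can be pointed at other endpoint/parameter pairs, which is useful when checking whether similar search fields elsewhere in the application receive the same kind of input.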
Summary
webERP is a very popular ERP package in Asia. This is a very serious problem, because an attacker can quickly obtain sensitive information from the enterprise's ERP database.