-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathIDCE-SQLi
45 lines (34 loc) · 2.01 KB
/
IDCE-SQLi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
Presentation:
Security vulnerability: SQL Injection.
Vulnerability Type: Injections.
Affected Component: Affected function on database access code.
Software: IDCE MV.
Version: 1.0 (discontinued).
Bussiness area: Health, Medicine.
Describe the bug/issue:
SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads on the user field, connecting to an Oracle database
to access private and sensitive information.
Have you searched the internet or Github for an answer?
Yes.
To Reproduce:
The SQL Injection running over a Time-Based Blind technique.
The database usually is an Oracle, but it could be changed.
1. Open the IDCE's login page. Fill in the user and password fields and intercept it with Burp Suite.
2. Copy the request lines in the Burp Suite and paste the lines into a new file. Rename this file to "idce-sqli.txt", e.g.
3. Now, into the "idce-sqli.txt" file, edit the last line. Find the "txtUsuario=" and change it to "txtUsuario=*". You have to put an asterisk as user field value.
4. Save the file "idce-sqli.txt".
5. Execute SQLMap with the following command: sqlmap -r idce-sqli.txt --dbms=oracle --level=5 --risk=3 --technique=T
6. Wait for the end of SQLi execution.
DBMS of this application usually is an Oracle, but you could have to find out the DBMS whether it was changed. For this, you could execute the following command:
sqlmap -r idce-sqli.txt --dbs --level=5 --risk=3 --technique=T
If you do not have success with the Time-Based techniques, try out all other possible techquines with the following command:
sqlmap -r idce-sqli.txt --dbs --level=5 --risk=3
All database's information will be disclosed. But if you have used Time-Based Blind technique, it could take a long time to discover all database's information.
So, be patient.
Expected behavior:
Parameterized SQL queries.
Bug Fix:
Update to the latest version.
Additional context:
The procedure is to request a new CVE identifier when an vulnerability was previously considered fixed.
CVE ID: CVE-2022-30496