Pasal - Departmental Store Management System v1.2 - SQL Injection

vendor:

Pasal - Departmental Store Management System

by:

Ihsan Sencan

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Pasal - Departmental Store Management System

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: NO

Related CWE: N/A

CPE: a:webstarslab:pasal_departmental_store_management_system:1.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win7 x64, Kali Linux x64

2017

Pasal – Departmental Store Management System v1.2 – SQL Injection

Pasal - Departmental Store Management System v1.2 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames, passwords, emails, full names, and permissions from the tbl_users table. The vulnerable parameters are module.php?module=vendors&page=edit-vendors&id=[SQL], module.php?module=units&page=edit-units&id=[SQL], module.php?module=currency&page=edit-currency&id=[SQL], module.php?module=category&page=edit-category&id=[SQL], and module.php?module=purchase&y=[SQL]&m=[SQL].

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

# # # # #
# Exploit Title: Pasal - Departmental Store Management System v1.2 - SQL Injection
# Google Dork: N/A
# Date: 17.03.2017
# Vendor Homepage: http://webstarslab.com
# Software : http://webstarslab.com/products/pasal-departmental-store-management-system/
# Demo: http://webstarslab.com/departmental-store-management-system/store/
# Version: 1.2
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# Login as regular user
# http://localhost/[PATH]/module.php?module=vendors&page=edit-vendors&id=[SQL]
# http://localhost/[PATH]/module.php?module=units&page=edit-units&id=[SQL]
# http://localhost/[PATH]/module.php?module=currency&page=edit-currency&id=[SQL]
# http://localhost/[PATH]/module.php?module=category&page=edit-category&id=[SQL]
# http://localhost/[PATH]/module.php?module=purchase&y=[SQL]&m=[SQL]
# tbl_users:id
# tbl_users:username
# tbl_users:password
# tbl_users:email
# tbl_users:full_name
# tbl_users:permission
# Etc..
# # # # #