header-logo
Suggest Exploit
vendor:
Maintenance Control Software
by:
Crash and _Sl0t_
6.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Maintenance Control Software
Affected Version From: 6.x.x
Affected Version To: Prior
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: DELPH
2020

Engeman Software Vulnerability

The attacker can inject sql codes in username textbox. In firebird the attack have a low impact, but in SQL Server may compromisse the server.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

Engeman is a Brasilian software for maintenance control. 

Version tested: 6.x.x and prior. Next versions appears vulnerable too.

The attacker can inject sql codes in username  textbox:

SQL dump affter injection:

select nome,senha,diasexp,dataltsen,permitetroca from cfgusr where nome='NULL' OR NOME<>'1'

select nomegrupo from cfgusr where ignoragrupo='N' and nome='NULL' OR NOME='1'

In firebird the attack have a low impact, but in SQL Server may compromisse the server.

**** The version tested is a made in DELPH language, NOT is a Web Software! ****

Vendor site: www.engeman.com.br.

Plase, give the credits to: Crash and _Sl0t_ - DcLabs

Trank´s.

Navigation

Suggest Exploit

Services By CQR