Gatesoft Docusafe Sql Injection Vulnerablity

vendor:

DocuSafe

by:

R4dc0re

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: DocuSafe

Affected Version From: 4.1.0

Affected Version To: 4.1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:gatesoft:docusafe

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Gatesoft Docusafe Sql Injection Vulnerablity

DocuSafe is a Product Document Management (PDM) system special made for electronics and or mechanical industry. It is used by large manufacturers in several countries and is coded in ASP 2.0 & VBScript. The vulnerability is an SQL Injection vulnerability which can be exploited by sending a maliciously crafted request to the server via the ECO.asp?ECO_ID=[Code] endpoint.

Mitigation:

Input validation should be used to prevent SQL Injection attacks.

Source

Exploit-DB raw data:

# Author: R4dc0re
# Exploit Title: Gatesoft Docusafe Sql Injection Vulnerablity 
# Date: 05-12-2010
# Vendor or Software Link:http://gatesoft.no/
# Category:WebApp
# Version:4.1.0
# Price:3500$
# Contact: R4dc0re@yahoo.fr
# Website: www.1337db.com
# Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members

  Submit Your Exploit at Submit@1337db.com

########################################################################################
[Product Detail]

Product Document Management (PDM) system special made for electronics and 
or mechanical industry. 
DocuSafe is used by large manufacturers in several countries.
Code: ASP 2.0 & VBScript

[Vulnerability]

SQL Injection:

http://server/ECO.asp?ECO_ID=[Code]
########################################################################################