SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection

vendor:

SoftExpert Excellence Suite

by:

Seren PORSUK

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: SoftExpert Excellence Suite

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: NO

Related CWE: N/A

CPE: softexpert:softexpert_excellence_suite

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: PHP

2018

SoftExpert Excellence Suite 2.0 – ‘cddocument’ SQL Injection

A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the 'cddocument' parameter in the 'Downloading Electronic Documents' section.

Mitigation:

Input validation and sanitization should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
# Author: Seren PORSUK
# Date: 2018-06-28
# Type: webapps
# Platform: PHP
# CVE= N/A
# Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/

# DETAILS
# A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0
# allows remote authenticated users to perform SQL heuristics by pulling
# information from the database with the "cddocument" parameter  in the
# "Downloading Electronic Documents" section.

# Vulnerable Parameter Type : GET
# Vulnerable Parameter : cddocument

#Vulnerable URL : 
http://localhost/se/v75408/generic/gn_eletronicfile_view/1.1/view_eletronic_download.php?class_name=dc_eletronic_file&classwaybusinessrule=class.dc_eletronic_file.inc&action=4&cddocument=[SQLi]&saveas1&mainframe=1&cduser=6853

#SQLi Parameter : 2  AND 1=2