
Petraware pTransformer ADC SQL Injection

Posted May 28, 2019
Authored by Faudhzan Rahman

Petraware pTransformer ADC versions prior to 2.1.7.22827 suffer from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection
advisories | CVE-2019-12372
SHA-256 | be5cf0e4686ee81291a49394c74a1db3d5f2794df10cc646e837e51258c6be83

# Exploit Title: Petraware pTransformer ADC before 2.1.7.22827 allows SQL
Injection via the User ID parameter to the login form.
# Date: 28-05-2019
# Exploit Author: Faudhzan Rahman
# Website: https://faudhzanrahman.blogspot.com/
# Vendor Homepage: http://www.petraware.com
# Version: 2.0
# CVE : CVE-2019-12372
# Tested on: Windows 10 Pro

*Description*

The login form on pTransformer ADC does not filter dangerous characters such
as the single quote ('). This makes the application vulnerable to SQL
injection.

*Proof-of-concept*

The vulnerable parameter is User ID. Injecting ' or '1'='1'-- into it
bypasses the login form.
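
The bypass described above, reproduced against a constructed SQLite table with the concatenated query beside its parameterized form. This is an added example, not code from the advisory or from Petraware: the table, column names and both login functions are hypothetical, and the product's real query and database are not shown on this page.

```python
import hashlib
import sqlite3

PAYLOAD = "' or '1'='1'--"            # User ID value quoted in the advisory
DEMO_SALT = b"constructed-demo-salt"  # demo only; real systems use a per-user random salt


def pw_hash(password):
    """Derive the stored password hash (hypothetical scheme for this demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()


def make_db():
    """Constructed one-user table standing in for the product's account store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", pw_hash("correct horse")))
    return db


def login_concatenated(db, user_id, password):
    """Vulnerable pattern: the User ID is pasted into the SQL text, so a quote
    ends the string literal and the rest of the input is parsed as SQL."""
    sql = ("SELECT user_id FROM users WHERE user_id = '" + user_id +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, user_id, password):
    """Hardened pattern: both values are bound as data and never parsed as SQL."""
    sql = "SELECT user_id FROM users WHERE user_id = ? AND pw_hash = ?"
    return db.execute(sql, (user_id, pw_hash(password))).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__, "accepts advisory payload:", fn(db, PAYLOAD, "wrong"))
```

Binding parameters, rather than filtering the quote character, is what closes the hole: the bound value is compared as a literal string, so no character in it can change the query's structure.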

*Reference*

https://faudhzanrahman.blogspot.com/2019/05/sql-injection-on-login-form.html