Exploit / Vulnerability Discovered: 2022-06-14 | Type: remote | Platform: windows

This exploit / vulnerability (Virtua Software Cobranca 12S SQLi) is for educational purposes only; if you use it, you do so at your own risk!
## Description
A blind SQL injection vulnerability in the login page (/controller/login.php) of Virtua Cobranca 12S allows remote unauthenticated attackers to obtain information about the application by executing arbitrary SQL commands through the idusuario parameter.

This request causes an error 500. After changing idusuario to "'+AND+'1'%3d'1'--", the response to the request was a 200 status code with an authentication error message.
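The difference between the 500 and the 200 response is what makes the injection observable. The following added example (not code from Virtua or from the original advisory) models a login lookup in Python with an in-memory SQLite table to show the concatenated query beside the parameter-bound one. The table schema, the function names and the lone-quote input are assumptions made for the illustration; only the `idusuario` name and the quoted payload come from the page.

```python
import hmac
import sqlite3
from urllib.parse import unquote_plus

# Payload quoted on the page, URL-decoded to: ' AND '1'='1'--
PAGE_PAYLOAD = unquote_plus("'+AND+'1'%3d'1'--")
LONE_QUOTE = "'"  # constructed input that leaves the SQL string unterminated

def make_db():
    """In-memory stand-in for the user table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE usuarios (idusuario TEXT PRIMARY KEY, senha TEXT)")
    db.execute("INSERT INTO usuarios VALUES ('1001', 'constructed-secret')")
    return db

def _respond(row, senha):
    # Password hashing is omitted to keep the model short.
    if row and hmac.compare_digest(row[0], senha):
        return 200, "ok"
    return 200, "authentication error"

def login_concat(db, idusuario, senha):
    """Weak pattern: idusuario becomes part of the SQL text."""
    sql = "SELECT senha FROM usuarios WHERE idusuario = '" + idusuario + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return 500, "internal error"  # parser failure surfaces to the client
    return _respond(row, senha)

def login_bound(db, idusuario, senha):
    """Corrected pattern: idusuario is bound as data, never parsed as SQL."""
    sql = "SELECT senha FROM usuarios WHERE idusuario = ?"
    row = db.execute(sql, (idusuario,)).fetchone()
    return _respond(row, senha)

def status_differs(login):
    """Regression check: True if the two probes get different status codes."""
    db = make_db()
    return login(db, LONE_QUOTE, "x")[0] != login(db, PAGE_PAYLOAD, "x")[0]

if __name__ == "__main__":
    for fn in (login_concat, login_bound):
        print(fn.__name__, "status differs:", status_differs(fn))
```

With the bound query both inputs are treated as an unknown user ID and receive the same authentication error, so `status_differs` can serve as a regression test after the fix.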