Benner ModernaNet SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in Benner ModernaNet versions prior to 1.1.0. The issue resides in the '/Home/JS_CarregaCombo' endpoint, specifically within the 'additionalCondition' parameter. This vulnerability allows for blind Boolean-based SQL injection, where an attacker can infer database information by manipulating the SQL query. Exploitation can be done remotely without any authentication or privileges.

Impact

Exploitation of this vulnerability allows for blind Boolean-based SQL injection, enabling an attacker to infer database information. This could lead to further exploitation of the application or its underlying database.

Reproduction

The vulnerability can be reproduced by sending a request to the '/Home/JS_CarregaCombo' endpoint with the 'additionalCondition' parameter manipulated to include a crafted SQL injection payload. One such payload could be '1=1) AND (CASE WHEN (SUBSTRING(DB_NAME(),X,1)='Y') THEN 1 ELSE 0 END=1)--', where 'X' is replaced with the index of the database name character to be tested, and 'Y' is the character being checked. The response length can be observed to determine if the injection was successful.

Remediation

Users are advised to upgrade to Benner ModernaNet version 1.1.1 or later.
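
Added example (not part of the original advisory and not Benner's code): a log check for probing of the endpoint and parameter described above, which also groups response sizes per client because the advisory names response length as the signal an attacker reads. It assumes Combined Log Format access logs with the parameter in the query string; the token list, helper names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

ENDPOINT = "/home/js_carregacombo"   # endpoint named in the advisory
PARAM = "additionalcondition"        # parameter named in the advisory
# Assumed token list: SQL constructs a combo-box filter should never carry.
SUSPICIOUS = re.compile(
    r"(--|/\*|;|\bcase\s+when\b|\bsubstring\s*\(|\bdb_name\s*\(|\bunion\b|\bselect\b)",
    re.IGNORECASE)
# Combined Log Format fragment: "METHOD target HTTP/x" status bytes
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')

def _line(ip, condition, size):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [09/Jun/2025:10:00:00 +0000] "GET /Home/JS_CarregaCombo'
            f'?additionalCondition={quote(condition)} HTTP/1.1" 200 {size}')

# The advisory's payload shape with X=1 and two candidate characters for Y.
PROBE = "1=1) AND (CASE WHEN (SUBSTRING(DB_NAME(),1,1)='{}') THEN 1 ELSE 0 END=1)--"
SAMPLE_LOG = [
    _line("192.0.2.10", "1=1", 5120),
    _line("198.51.100.23", PROBE.format("a"), 512),
    _line("198.51.100.23", PROBE.format("b"), 5120),
]

def find_probes(lines):
    """Return requests to the endpoint whose parameter carries SQL tokens."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or url.path.lower() != ENDPOINT:
            continue
        # parse_qs percent-decodes values, so encoded payloads are matched too.
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            for value in values if key.lower() == PARAM else []:
                tokens = sorted({t.lower() for t in SUSPICIOUS.findall(value)})
                if tokens:
                    hits.append({"client": line.split()[0], "value": value,
                                 "tokens": tokens, "size": int(m.group(3))})
    return hits

def sizes_by_client(hits):
    """Distinct response sizes per client; two sizes suggest a Boolean oracle."""
    return {c: sorted({h["size"] for h in hits if h["client"] == c})
            for c in {h["client"] for h in hits}}
```

Requests that carry the parameter in a POST body do not appear in access logs and need application or WAF logging instead.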

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.