Pixsoft E-Saphira SQL Injection Vulnerability in Login Endpoint

A critical SQL injection vulnerability has been identified in Pixsoft E-Saphira version 1.7.24. The issue arises in the Login Endpoint, specifically within the '/servlet?act=login&tipo=1' file. The vulnerability allows remote attackers to manipulate the 'txtUsuario' parameter, injecting arbitrary SQL queries that are executed against the application's database. This flaw has been publicly disclosed, and the vendor has not responded to initial reports.

Impact

Exploitation of this vulnerability allows for blind time-based SQL injection, where an attacker can execute arbitrary SQL commands in the application's database. This could potentially lead to data manipulation or extraction, depending on the database permissions and structure.

Reproduction

To reproduce this vulnerability, send a request to the '/servlet?act=login&tipo=1' endpoint with a crafted 'txtUsuario' parameter that includes a SQL injection payload. One effective payload is designed to exploit time-based SQL injection by adding a delay, which can be observed in the server's response time. The injection's success can be verified by checking for a delayed response, indicating that the SQL injection was executed successfully.