Pixsoft Sol SQL Injection Vulnerability in Login Endpoint
Vulnerability
A critical SQL injection vulnerability has been identified in Pixsoft Sol versions prior to 7.6.6. The issue is in the login endpoint, within the processing performed by one of the application's servlets. Remote attackers can manipulate the 'txtUsuario' parameter to inject arbitrary SQL, which is then executed against the application's database. This can lead to unauthorized data access or manipulation.
Impact
The vulnerability is exploitable as a blind, time-based SQL injection that lets an attacker execute arbitrary SQL commands on the application's database. This could be used to extract, modify, or delete data, or in some cases to escalate privileges or execute administrative functions.
Reproduction
To reproduce this vulnerability, send a request to the '/pix_projetos/servlet' endpoint with the 'act=login', 'submit=1', 'evento=0', and 'pixrnd' parameters, and place the SQL injection payload in the 'txtUsuario' parameter. The injection can be tested by adding a delay command, such as 'WAITFOR DELAY', and observing whether the server response is delayed, which indicates that the injected SQL was executed.
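For defenders reviewing logs, the request shape above can be turned into a detection check. The following is an added example, not code from Pixsoft or from the original advisory; the log format, the SLOW_MS threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/pix_projetos/servlet"  # endpoint named in the advisory
PARAM = "txtUsuario"                # injectable parameter named in the advisory
DELAY = re.compile(r"waitfor\s+delay", re.I)  # delay command named in the advisory
META = re.compile(r"['\";]|--|/\*")           # SQL metacharacters, rare in usernames
SLOW_MS = 3000  # assumed threshold; tune to the endpoint's normal login latency

# Constructed sample lines in an assumed format:
# <time> <client> <method> <url-with-parameters> <status> <duration_ms>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 198.51.100.7 POST /pix_projetos/servlet?act=login&submit=1&evento=0&pixrnd=1&txtUsuario=maria.silva 200 84
2024-05-01T10:00:09Z 203.0.113.9 POST /pix_projetos/servlet?act=login&submit=1&evento=0&pixrnd=2&txtUsuario=x%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27-- 200 5112
2024-05-01T10:00:20Z 203.0.113.9 POST /pix_projetos/servlet?act=login&submit=1&evento=0&pixrnd=3&txtUsuario=o%27brien 200 91
2024-05-01T10:00:31Z 198.51.100.7 GET /pix_projetos/static/logo.png 200 12
"""

def classify(line):
    """Return (client, verdict) for a login request, or None for other traffic."""
    fields = line.split()
    if len(fields) != 6 or not fields[5].isdigit():
        return None
    client, url, duration_ms = fields[1], fields[3], int(fields[5])
    target = urlsplit(url)
    params = parse_qs(target.query)  # parse_qs URL-decodes the values
    if target.path != ENDPOINT or params.get("act") != ["login"]:
        return None
    value = " ".join(params.get(PARAM, []))
    if DELAY.search(value):
        # A delay keyword followed by a slow response suggests the SQL ran.
        slow = duration_ms >= SLOW_MS
        return client, "delay-payload+slow-response" if slow else "delay-payload"
    if META.search(value):
        return client, "sql-metacharacters"  # low confidence: may be a real name
    return client, "clean"

def scan(log_text):
    """Return the non-clean findings for every login request in the log."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r is not None and r[1] != "clean"]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

A "delay-payload+slow-response" finding is the one to escalate first, since it pairs the injected delay with the latency the advisory describes as proof of execution.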
