Petraware pTransformer ADC < - Login Bypass

2019-05-28 13:05:05

# Exploit Title: Petraware pTransformer ADC before allows SQL
Injection via the User ID parameter to the login form.
# Date: 28-05-2019
# Exploit Author: Faudhzan Rahman
# Website:
# Vendor Homepage:
# Version: 2.0
# CVE : CVE-2019-12372
# Tested on: Windows 10 Pro


The login form on pTransformer ADC does not filter dangerous character such
as single quote ('). This has cause the application to be vulnerable to SQL


The vulnerable parameter is User ID. By injecting ' or '1'='1'-- ,it will
bypass the login form.



No fixes

Per poter inviare un fix è necessario essere utenti registrati.