bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/asp/webapps/51335.txt
Exploit-DB 85954a8fad DB: 2023-04-09 
34 changes to exploits/shellcodes/ghdb

ENTAB ERP 1.0 - Username PII leak

ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)

ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)

FortiRecorder 6.4.3 - Denial of Service

Schneider Electric v1.0 - Directory traversal & Broken Authentication

Altenergy Power Control Software C1.2.5 - OS command injection

Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)

Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

Google Chrome  109.0.5414.74 - Code Execution via missing lib file (Ubuntu)

Lucee Scheduled Job v1.0 -  Command Execution

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

Adobe Connect 11.4.5 - Local File Disclosure

Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)

Suprema BioStar 2 v2.8.16 - SQL Injection

Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)

dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)

GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure

Icinga Web 2.10 - Arbitrary File Disclosure

Joomla! v4.2.8 - Unauthenticated information disclosure

Medicine Tracker System v1.0 - Sql Injection

Online Appointment System V1.0 - Cross-Site Scripting (XSS)

Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)

pfsenseCE v2.6.0 - Anti-brute force protection bypass

Restaurant Management System 1.0  - SQL Injection

WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)

Microsoft Windows 11 - 'cmd.exe' Denial of Service

ActFax 10.10 - Unquoted Path Services

ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path

RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution

Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
2023-04-09 00:16:30 +00:00

28 lines
No EOL
1.1 KiB
Text
Raw Permalink Blame History

Exploit Title: ENTAB ERP 1.0 - Username PII leak
Date: 17.05.2022
Exploit Author: Deb Prasad Banerjee
Vendor Homepage: https://www.entab.in
Version: Entab ERP 1.0
Tested on: Windows IIS
CVE: CVE-2022-30076
Vulnerability Name: Broken Access control via Rate Limits
Description:
In the entab software in fapscampuscare.in, there is a login portal with a
UserId field. An authenticated user would enter and get their name as well
as other services. However, there should be a rate limit in place, which is
not present. As a result, a hacker could bypass the system and obtain other
usernames via broken access control. This enables a threat actor to
obain the complete full name and user ID of the person.
POC:
1. Go to fapscampuscare.in or any entab hosted software and find the entab
software.
2. Use a proxy to intercept the request.
3. Since it's a student login, try a random UserId (e.g., s11111).
4. Intercept the request using Burp Suite and send it to the Intruder.
5. Select payloads from number 100000-20000, and turn off URL encoding on
the UserId parameter.
6. Start the attack and sort by length to obtain the username and full name
of other users.
Reference in a new issue View git blame Copy permalink