51 lines
No EOL
1.7 KiB
Text
51 lines
No EOL
1.7 KiB
Text
# Exploit Title: SQL Injection
|
|
# Date: 18 December, 2017
|
|
# Exploit Author: Rajwinder Singh
|
|
# Vendor Homepage: http://www.beims.com/products/
|
|
# Software Link: http://www.beims.com/optional-modules/#ccw
|
|
|
|
# Version: BEIMS ContractorWeb .NET System 5.18.0.0
|
|
# CVE : 2017-17721
|
|
|
|
|
|
Vulnerability Details:
|
|
======================
|
|
WEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
|
|
|
|
Impact:
|
|
======================
|
|
1. Database compromise
|
|
2. Server compromise
|
|
3. Application defacement
|
|
4. Internal network access and exploitation.
|
|
|
|
|
|
Proof-of-Concept:
|
|
====================
|
|
1. Injected SQL injection payload under page "/CWEBNET/WOSummary/List" in post parameter 'tradestatus' and received SQL error response from server.
|
|
2. Saved request in the text file to run automated SQLmap tool for further enumeration and successfully dumped full database which will not be disclosed.
|
|
|
|
Affected Component:
|
|
====================
|
|
URL: www.domain.com/CWEBNET/WOSummary/List
|
|
post parameters: tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, workorderstatus
|
|
|
|
Disclosure Timeline:
|
|
=====================
|
|
Mitre Notification: 18 December, 2017
|
|
Public Disclosure: 18 December, 2017
|
|
|
|
Exploitation Technique:
|
|
=======================
|
|
Remote
|
|
|
|
Severity Level:
|
|
================
|
|
Critical
|
|
|
|
Description:
|
|
=====================================================
|
|
Request Method(s): [+] POST
|
|
Vulnerable Product: [+] BEIMS ContractorWeb .NET System 5.18.0.0
|
|
|
|
Reference: https://becomepentester.blogspot.ae/2017/12/ZUUSE-BEIMS-ContractorWeb-SQLInjection-CVE-2017-17721.html |