ENTAB ERP 1.0 – Username PII leak

  • Author: Deb Prasad Banerjee
    Date: 2023-04-08
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51335/
  • Exploit Title: ENTAB ERP 1.0 - Username PII leak
    Date: 17.05.2022
    Exploit Author: Deb Prasad Banerjee
    Vendor Homepage: https://www.entab.in
    Version: Entab ERP 1.0
    Tested on: Windows IIS
    CVE: CVE-2022-30076
    
    Vulnerability Name: Broken Access Control via Rate Limits
    
    Description:
    In the Entab software hosted at fapscampuscare.in, there is a login portal
    with a UserId field. An authenticated user enters their UserId and gets
    their name as well as other services. However, there should be a rate
    limit in place, and none is present. As a result, an attacker can bypass
    the system and obtain other usernames via broken access control. This
    enables a threat actor to obtain the full name and user ID of the person.
    
    POC:
    1. Go to fapscampuscare.in or any other Entab-hosted site and find the
    Entab login portal.
    2. Use a proxy to intercept the request.
    3. Since it is a student login, try a random UserId (e.g., s11111).
    4. Intercept the request using Burp Suite and send it to Intruder.
    5. Select payloads from number 100000-20000, and turn off URL encoding on
    the UserId parameter.
    6. Start the attack and sort by response length to obtain the username and
    full name of other users.