CVE-2022-30076: ENTAB ERP 1.0 Information Disclosure ≈ Packet Storm

ENTAB ERP 1.0 allows attackers to discover users’ full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.

Exploit Title: ENTAB ERP 1.0 - Username PII leak
Date: 17.05.2022
Exploit Author: Deb Prasad Banerjee
Vendor Homepage: https://www.entab.in
Version: Entab ERP 1.0
Tested on: Windows IIS
CVE: CVE-2022-30076
Vulnerability Name: Broken Access control via Rate Limits

Description:
In the entab software in fapscampuscare.in, there is a login portal with a UserId field. An authenticated user would enter and get their name as well as other services. However, there should be a rate limit in place, which is not present. As a result, a hacker could bypass the system and obtain other usernames via broken access control. This enables a threat actor to obtain the complete full name and user ID of the person.

POC:
1. Go to fapscampuscare.in or any entab hosted software and find the entab software.
2. Use a proxy to intercept the request.
3. Since it's a student login, try a random UserId (e.g., s11111).
4. Intercept the request using Burp Suite and send it to the Intruder.
5. Select payloads from number 100000-20000, and turn off URL encoding on the UserId parameter.
6. Start the attack and sort by length to obtain the username and full name of other users.
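From the defender's side, the pattern the advisory describes (one client submitting many distinct, sequential student UserIds with no rate limit to stop it) is easy to spot in access logs. The following Python is an added example, not part of the advisory or the vendor's software; the log line format, the sample lines and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from the advisory). The format
# "<client ip> <ISO timestamp> <path>?UserId=<id>" is an assumption.
SAMPLE_LOG = """\
203.0.113.5 2022-05-17T10:00:00 /login?UserId=s10000
203.0.113.5 2022-05-17T10:00:01 /login?UserId=s10001
203.0.113.5 2022-05-17T10:00:01 /login?UserId=s10002
203.0.113.5 2022-05-17T10:00:02 /login?UserId=s10003
203.0.113.5 2022-05-17T10:00:02 /login?UserId=s10004
203.0.113.5 2022-05-17T10:00:03 /login?UserId=s10005
198.51.100.7 2022-05-17T10:00:04 /login?UserId=s14321
198.51.100.7 2022-05-17T10:05:00 /login?UserId=s14321
"""

LINE_RE = re.compile(r"^(\S+) (\S+) \S+\?UserId=(s\d+)$")


def parse_lines(text):
    """Yield (ip, timestamp, user_id) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), datetime.fromisoformat(m.group(2)), m.group(3)


def find_enumerators(text, window=timedelta(seconds=60), max_distinct=5):
    """Return {ip: (distinct_ids, sequential_pairs)} for clients that looked up
    more than max_distinct different UserIds inside one sliding time window.
    sequential_pairs counts consecutive numeric ids (s10000, s10001, ...),
    the signature of the brute-force sweep described above."""
    events = defaultdict(list)
    for ip, ts, uid in parse_lines(text):
        events[ip].append((ts, uid))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            distinct = {u for _, u in evs[start:end + 1]}
            if len(distinct) > max_distinct:
                nums = sorted(int(u[1:]) for u in distinct)
                seq = sum(1 for a, b in zip(nums, nums[1:]) if b - a == 1)
                flagged[ip] = (len(distinct), seq)
                break
    return flagged
```

A legitimate user retrying their own UserId (the second client above) is not flagged, while the sweeping client is; the same per-client counter is what a rate limit on this endpoint would key on.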
