exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CITSmart ITSM 9.1.2.22 LDAP Injection

CITSmart ITSM 9.1.2.22 LDAP Injection
Posted Apr 14, 2021
Authored by skys

CITSmart ITSM version 9.1.2.22 suffers from an LDAP injection vulnerability.

tags | exploit
advisories | CVE-2020-35775
SHA-256 | 97de053873681829149a127423d8ad70cb9b802ae2777d48c6c157dc86463114

CITSmart ITSM 9.1.2.22 LDAP Injection

Change Mirror Download
# Exploit Title: CITSmart ITSM 9.1.2.22 - LDAP Injection
# Google Dork: "citsmart.local"
# Date: 29/12/2020
# Exploit Author: skysbsb
# Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
# Version: < 9.1.2.23
# CVE : CVE-2020-35775

To exploit this flaw it is necessary to have at least one user/password previously registered, because the system checks (ldap bind) the first user returned in the ldap search. However, it returns the last user found in the search to the function that called it (logic error).

So, I call this problem an LDAP injection in conjunction with a programming logic error that allows you to authenticate to CITSmart ITSM with another valid user without needing to know the target user's password.

Affected versions: < 9.1.2.23
Fixed versions: >= 9.1.2.23

Using this LDAP query in the username field of login page you could login with the target_username account without knowing the target account password.

*)(|(sAMAccountName=valid_username)(sAMAccountName=target_username)

You must know at least one username/password because the autenticacaoAD() function at LDAPUtils.java class (package br.com.centralit.citcorpore.integracao.ad) will try to bind with the first user (valid_username) of the query result.

Vendor has acknowledge this vulnerability at ticket 5929 (https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html)

Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close