Posts

CVE-2020-35398: UTI Mutual fund Android Application- Username Enumeration

Image
Vulnerable Software: UTI Mutual fund Android Application Vulnerability:  Username Enumeration Affected Version: 5.4.28 Patch: Not Released (03-December-2021) Vendor Homepage:   https://utimf.com/ CVE:  CVE-2020-11561 CVE Author:  Tejas Nitin Pingulkar Exploit Available: POC available About Affected Software Investing in Mutual Funds is now easy with the UTI MF (UTI Mutual Funds) App. It gives you a hassle-free experience to invest in any mutual fund scheme of your choice from anywhere, anytime with just a few clicks. The paperless transactions allow new investors to start a SIP or invest a lumpsum with ease. Exploit Input an incorrect username (one that don't exist), the application will respond with an error message "we are unable to recognize the use user id entered" were as if the valid username is entered and invalid password is provided application responds with "the password entered is incorrect" which assist attacker to enumerate v
Image
CVE-2020-27414 Mahavitaran Android Application: Insecure Communication of Sensitive Data Vulnerable Software:  Maharashtra State Electricity Board Android Application Vulnerability:  Insecure Communication of sensitive data Affected Version:  7.50 and prior Patched:  Yes Vendor Homepage:  https://www.mahadiscom.in/en/home/ App store link:  https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en_IN&gl=US CVE:  CVE-2020-27414 CVE Author:  Tejas Nitin Pingulkar Exploit Available:  POC Available About Affected Software The Official App for Consumer by Mahavitaran ( M.S.E.D.C.L.). Mahavitaran Consumer App enables consumers to avail Mahavitaran services at his/her fingertips. The app is simple and easy to use. It provides transparency in delivering services to consumers. ►Features : *View and Pay bill *Register and Track complaints *View Bill and Payment history *Manage Multiple Electricity Connections *Contact 24 x7 MSEDCL Call Center *Apply for New Connection * Know the

CVE-2020-13474: NCH Express Accounts- Privilege Escalation

Image
  Vulnerable Software:  NCH  Express Accounts Vulnerability:  Privilege Escalation Affected Version:   8.24 and prior Vendor Homepage:   https://www.nchsoftware.com/ CVE:  CVE-2020-13474 CVE Author:  Tejas Nitin Pingulkar Exploit Available:   Y es About Affected Software Express Accounts is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow including sales, receipts, payments and purchases. Additional Information NCH express Accounts software allows to access it over the web. A web interface provides 3 types of user Administrator User Viewer The administrator user has access to all modules including Create new invoice,  Create new quote, Create new sales order, Create new purchase order, Apply customers payment, View Credit notes, Enter new account payable, view chart of accounts, Make a payment, Receive a payment, Add new item, Add new customer, Supliers list, Add/Edit users User with viewer privile

CVE-2020-13473: NCH Account-Clear Text Password Storage

Image
  Vulnerable Software:   Express Account Affected Version:   8.24 and prior Vendor Homepage:   https://www.nchsoftware.com/ CVE:  CVE-2020-13473 CVE Author:  Tejas Nitin Pingulkar Exploit Available:  Yes About Affected Software Express Accounts is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow including sales, receipts, payments and purchases. Additional Information Express Accounts has functionality that allows to access it over the web. While configuring web access function application asks for user details such as username, password, email, etc. Application stores this information in “C:\ProgramData\NCH Software\ExpressAccounts\WebAccounts” Exploit Low authenticated user can access files stored in cleartext format in C:\ProgramData\NCH Software\ExpressAccounts\WebAccounts and obtain username passwords Proof Of Concept

CVE-2020-13475: NCH accounts-Cross Site Scripting

Image
  Vulnerable Software:  Express Account Vulnerability:  XSS Affected Version:  from 8.06 to 8.24 Vendor Homepage:   https://www.nchsoftware.com/ CVE:  CVE-2020-13475 CVE Author:  Tejas Nitin Pingulkar Exploit Available:   POC Available Patch Status:  Unpatched About Affected Software: Express Accounts is professional business accounting software, perfect for small businesses needing to document and report on incoming and outgoing cash flow including sales, receipts, payments and purchases. Exploit 1>Login as admin Use any of below payload IP:PORT/invoicelist?type=czalc’%3e%3cscript%3ealert(1)%3c%2fscript%3eqb6nc IP:PORT/ invoicedelete?type=mctf8″>%3e%3cscript%3ealert(1)%3c%2fscript%3eqb6ncmwk0t&id=DFT3  [to render second payload click on cancel]   Proof Of Concept Timeline: Vulnerability Discovered – 7 April Initial Email Sent: 19th May 2020 — No response CVE Generated: 26 May 2020 Followup 2: 15 June 2020 — No response Followup 3: 26 July 2020 — No response Acknowledged- 06

CVE-2020-23446 Verint Workforce Optimization (WFO)

Image
Vulnerable Software :  Verint Workforce Optimization (WFO) Vulnerability :   Unauthenticated Information Disclosure via API Affected Version:  15.1 (15.1.0.37634) Vendor Homepage: Link CVE:   2020-23446 CVE Author:  Tejas Nitin Pingulkar Exploit Available:   POC Available About Affected Software: Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including: Back-office operations Branch operations Contact centers Financial trading rooms Additional Information : Verint WFO application provides functionality to download topology reports to authenticated users, however, using direct object reference/API unauthenticated attacker can obtain reports. Exploit: Access URL :   [IP/Domain]/wfo/rest/em-api/v1/topology/ generation Note: only most recently generated report can be obtained by the attacker Patch : Patched in version 15.2 POC:   Timel

Turbo VPN: Unquoted Search Path Vulnerability

Image
Vulnerable Software:  Turbo VPN Affected Version:  1.1.0.0 Vendor Homepage:   https://www.turbovpn.co/#/views/index CVE:  – CVE Author:  Tejas Nitin Pingulkar Exploit Available:   POC Available About Affected Software: Turbo VPN For PC is a free VPN client which offers free VPN proxy giving you the chance to unblock sites and applications and gain access to restricted resources. Exploit: Turbo VPN 1.1.0.0 installers and applications are vulnerable to unquoted search path vulnerability as application search path are not quoted that is when application search for binaries TurboVPN folder stored in “C:\Program files(x86)\TurboVPN” it uses below search order as path is not quoted C:\Program.exe C:\Program (x86)\TurboVPN As on drive C:\ all users have full access, an attacker can place malicious exe with name “Program.exe” in C:\ path and wait for application to call Program.exe and escalate his/her privileges Affected application : turbo VPN 1.1.0.0 windows version POC