{"id":389,"date":"2021-01-16T10:19:50","date_gmt":"2021-01-16T10:19:50","guid":{"rendered":"https:\/\/lyhinslab.org\/?p=389"},"modified":"2021-05-13T16:09:31","modified_gmt":"2021-05-13T16:09:31","slug":"how-the-white-box-hacking-works-scipio-erp-rce-csrf-and-co","status":"publish","type":"post","link":"https:\/\/lscp.llc\/index.php\/2021\/01\/16\/how-the-white-box-hacking-works-scipio-erp-rce-csrf-and-co\/","title":{"rendered":"How White-Box hacking works: Scipio ERP, RCE\/CSRF and Co"},"content":{"rendered":"\n
Why Scipio ERP (v2.0.0):<\/p>\n\n\n\n
240 stars on Github<\/li>
Apache-2.0 License<\/li>
Java<\/li><\/ul>\n\n\n\n
The mentioned vulnerabilities were found and exploited by Ihor Voschyk and Darina Honcharenko, October 24, 2020. <\/p>\n\n\n\n
Remote Code Execution<\/h3>\n\n\n\n
Severity: Critical CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H To reproduce the issue, navigate to \/admin\/control\/ProgramExport and paste a groovy script to execute any code on the server. <\/p>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n
Local File Disclosure<\/h3>\n\n\n\n
Severity: High CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N<\/p>\n\n\n\n
Navigate to \/cms\/control\/editTemplate and create a template:<\/p>\n\n\n\n<\/figure>\n\n\n\n
![\"\"](\"https:\/\/lyhinslab.org\/wp-content\/uploads\/2021\/01\/image-8.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lyhinslab.org\/wp-content\/uploads\/2021\/01\/image-1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lyhinslab.org\/wp-content\/uploads\/2021\/01\/image-2.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lyhinslab.org\/wp-content\/uploads\/2021\/01\/image-3.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lyhinslab.org\/wp-content\/uploads\/2021\/01\/image-4.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lyhinslab.org\/wp-content\/uploads\/2021\/01\/image-6.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/lyhinslab.org\/wp-content\/uploads\/2021\/01\/image-7.png\")
<\/figure>\n\n\n\n