## https://sploitus.com/exploit?id=PACKETSTORM:171777
Exploit Title: ENTAB ERP 1.0 - Username PII leak  
Date: 17.05.2022  
Exploit Author: Deb Prasad Banerjee  
Vendor Homepage: https://www.entab.in  
Version: Entab ERP 1.0  
Tested on: Windows IIS  
CVE: CVE-2022-30076  
  
Vulnerability Name: Broken Access control via Rate Limits  
  
Description:  
In the Entab software at fapscampuscare.in, there is a login portal with a  
UserId field. An authenticated user would enter their UserId and get their  
name as well as other services. However, the rate limit that should be in  
place is not present. As a result, an attacker could bypass the system and  
obtain other usernames via broken access control. This enables a threat  
actor to obtain the full name and user ID of the person.  
  
POC:  
1. Go to fapscampuscare.in or any Entab-hosted software and find the Entab  
software.  
2. Use a proxy to intercept the request.  
3. Since it's a student login, try a random UserId (e.g., s11111).  
4. Intercept the request using Burp Suite and send it to the Intruder.  
5. Select number payloads in the range 100000-20000, and turn off URL  
encoding on the UserId parameter.  
6. Start the attack and sort by length to obtain the username and full name  
of other users.
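
Mitigation sketch, added here as an example (it is not Entab's code and not part of the original advisory): a per-client sliding-window limit on how many distinct UserId values one client may look up, which is the control the description says is missing. The class name, thresholds, client key and sample traffic are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class UserIdLookupLimiter:
    """Per-client sliding-window limit on distinct UserId lookups (hypothetical)."""

    def __init__(self, max_distinct=5, window_seconds=60.0):
        self.max_distinct = max_distinct      # assumed budget, tune per deployment
        self.window = window_seconds
        self._seen = defaultdict(deque)       # client -> deque of (timestamp, user_id)

    def allow(self, client, user_id, now=None):
        """Return True if the lookup may proceed, False if it must be throttled."""
        now = time.monotonic() if now is None else now
        events = self._seen[client]
        # Drop lookups that have aged out of the window.
        while events and now - events[0][0] >= self.window:
            events.popleft()
        distinct = {uid for _, uid in events}
        # Retrying an ID already seen is fine; a new ID past the budget is not.
        if user_id not in distinct and len(distinct) >= self.max_distinct:
            return False
        events.append((now, user_id))
        return True


def replay(events, limiter):
    """Feed (timestamp, client, user_id) events to the limiter; return the blocked ones."""
    return [e for e in events if not limiter.allow(e[1], e[2], now=e[0])]


# Constructed sample traffic (not from the advisory): one client requesting
# ten different UserIds in ten seconds, another retrying only its own UserId.
SAMPLE = [(float(i), "203.0.113.7", f"s{11111 + i}") for i in range(10)]
SAMPLE += [(float(i), "198.51.100.4", "s20001") for i in range(10)]

if __name__ == "__main__":
    for ts, client, uid in replay(SAMPLE, UserIdLookupLimiter()):
        print(f"throttled t={ts} client={client} UserId={uid}")
```

Throttled lookups should return the same response as an unknown UserId, so that response length no longer distinguishes valid identifiers.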