Exploit Title: ENTAB ERP 1.0 - Username PII leak  
Date: 17.05.2022  
Exploit Author: Deb Prasad Banerjee  
Vendor Homepage:  
Version: Entab ERP 1.0  
Tested on: Windows IIS  
CVE: CVE-2022-30076  
Vulnerability Name: Broken Access control via Rate Limits  

In the entab software in, there is a login portal with a  
UserId field. An authenticated user would enter it and get their name as well  
as other services. However, there should be a rate limit in place, which is  
not present. As a result, a hacker could bypass the system and obtain other  
usernames via broken access control. This enables a threat actor to  
obtain the full name and user ID of the person.  

1. Go to or any entab hosted software and find the entab  
2. Use a proxy to intercept the request.  
3. Since it's a student login, try a random UserId (e.g., s11111).  
4. Intercept the request using Burp Suite and send it to the Intruder.  
5. Select payloads from number 100000-20000, and turn off URL encoding on  
the UserId parameter.  
6. Start the attack and sort by length to obtain the username and full name  
of other users.
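
Mitigation sketch for the missing rate limit described above. This is an added example, not code from the vendor or the advisory author. It assumes the lookup handler can see a client address and the submitted UserId; the class name, thresholds and sample traffic are hypothetical.

```python
from collections import defaultdict, deque


class UserIdLookupLimiter:
    """Sliding-window cap on distinct UserId values one client may look up."""

    def __init__(self, max_distinct=5, window_seconds=60):
        # Assumed thresholds; tune to how many ids a real user mistypes.
        self.max_distinct = max_distinct
        self.window = window_seconds
        self._events = defaultdict(deque)  # client -> deque of (time, user_id)

    def allow(self, client, user_id, now):
        events = self._events[client]
        # Drop lookups that have aged out of the window.
        while events and now - events[0][0] >= self.window:
            events.popleft()
        seen = {uid for _, uid in events}
        if user_id not in seen and len(seen) >= self.max_distinct:
            return False  # over budget: reject before touching the user store
        events.append((now, user_id))
        return True


def replay(requests, limiter):
    """Return the (client, user_id) pairs the limiter rejected."""
    return [(c, u) for t, c, u in requests if not limiter.allow(c, u, t)]


# Constructed sample traffic: (seconds, client address, UserId submitted).
SAMPLE = (
    # One student retrying their own id: a single UserId, never blocked.
    [(i * 2, "198.51.100.7", "s11111") for i in range(10)]
    # One client walking sequential ids, one request per second.
    + [(i, "203.0.113.9", f"s{20000 + i}") for i in range(20)]
)

if __name__ == "__main__":
    blocked = replay(sorted(SAMPLE), UserIdLookupLimiter())
    print(f"{len(blocked)} lookups rejected; first: {blocked[0]}")
```

Keying on client address alone is the simplest assumption; a deployment would normally also key on the session or account, and log each rejection so the same counter doubles as an enumeration alert.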