Exploit for ebankIT 6 Denial Of Service CVE-2023-30455

Name: Exploit for ebankIT 6 Denial Of Service CVE-2023-30455
Rating: 5 (185 reviews)
2023-04-28 | CVSS 6.9
## https://sploitus.com/exploit?id=PACKETSTORM:172064
CVE-2023-30455  
  
[Description]  
An issue was discovered in ebankIT before version 7.  
A Denial-of-Service attack is possible through the GET parameter  
EStatementsIds located on the  
/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint.  
The GET parameter accepts over 100 comma-separated e-statement IDs  
without throwing an error. When this many IDs are supplied, the server  
takes around 60 seconds to respond and successfully generate the  
expected ZIP archive (during this time period, no other pages load). A  
threat actor could issue a request to this endpoint with 100+ statement  
IDs every 30 seconds, potentially resulting in an overload of the  
server for all users.  
  
------------------------------------------  
  
[VulnerabilityType Other]  
Denial of Service  
  
------------------------------------------  
  
[Vendor of Product]  
ebankIT  
  
------------------------------------------  
  
[Affected Product Code Base]  
ebankIT - Omnichannel Digital Banking Platform - Version 6, patched in version 7  
  
------------------------------------------  
  
[Affected Component]  
The endpoint existing at /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx?EStatementsIds=*id*,*id*,*id*,etc  
  
------------------------------------------  
  
[Attack Type]  
Remote  
  
------------------------------------------  
  
[Impact Denial of Service]  
true  
  
------------------------------------------  
  
[Attack Vectors]  
I discovered it was possible to perform a Denial-of-Service attack on  
the ebankIT platform, potentially resulting in a single user rendering  
the entire application inaccessible. The vulnerable endpoint exists on  
/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx  
and the EStatementsIds GET parameter accepts over 100  
comma-separated e-statement IDs without throwing an error. When this  
many IDs are supplied, the server takes around 60 seconds to respond  
and successfully generate the expected zip file (during this 60  
seconds, no other pages load). A threat actor could issue a request to  
this endpoint with 100+ statement ID s every 30 seconds, potentially  
resulting in overloading the server for all users of the ebankIT  
platform. I believe this is being caused by a thread commitment issue  
where there are no dedicated threads to individual processes.  
  
------------------------------------------  
  
[Discoverer]  
Jake Murphy