ZKTime Web Software 2.0 Insecure Direct Object Reference

ZKTime Web Software 2.0 Insecure Direct Object Reference: Posted Oct 20, 2017; Authored by Arvind V; ZKTime Web Software version 2.0 suffers from an insecure direct object reference vulnerability.; tags | exploit, web; advisories | CVE-2017-14680; SHA-256 | 086c126d09d75f6b2bebdd1eae661a5c4bf54763d352e0a9b2713fb0387890ff; Download | Favorite | View

ZKTime Web Software 2.0 Insecure Direct Object Reference

Exploit Title: ZKTime Web Software 2.0 - Broken Authentication
CVE-ID: CVE-2017-14680
Vendor Homepage: https://www.zkteco.com/product/ZKTime_Web_2.0_435.html
Vendor of Product: ZKTeco
Affected Product Code: ZKTime Web - 2.0.1.12280
Category: WebApps
Author: Arvind V.
Author Social: @Find_Arvind
 
------------------------------------------
 
Product description:
ZKTime Web 2.0 is a cutting edge Web-based Time Attendance software, which
provided a stable communication for devices through GPRS/WAN, hence, users
can access the software anywhere by their Web Browser to remotely manage
hundreds of T&A terminals under complex network condition (WLAN). The
Application has an administrator role and application user role.
 
Attack Description:
The Application is a time attendance software which allows users to
download their time and attendance data from the application in a PDF
Format. The data includes their employeeas id, user-id, gender,
birth-dates, phone numbers and access-areas. These PDF Files however are
not properly authenticated. If any user get access to the file-download
link, he can go ahead and download these files directly without any
authentication.
 
Proof of Concept Links:
 
1) https://XX.XX.XX.XX:8081/tmp/report_file/Personnel_20170820144237.pdf
<https://xx.xx.xx.xx:8081/tmp/report_file/Personnel_20170820144237.pdf>
2) https://XX.XX.XX.XX:8081/tmp/report_file/Personnel_20170820144238.pdf
<https://xx.xx.xx.xx:8081/tmp/report_file/Personnel_20170820144238.pdf>
3) https://XX.XX.XX.XX:8081/tmp/report_file/Personnel_20170820144239.pdf
<https://xx.xx.xx.xx:8081/tmp/report_file/Personnel_20170820144239.pdf>
 
 
Impact:
Personal details pertaining to the employees of the company are disclosed
without their permissions. This leads to violation of user privacy.
Moreover the information available can be used to mount further attacks.
 
References:
https://seclists.org/fulldisclosure/2017/Sep/39
https://seclists.org/bugtraq/2017/Sep/20
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14680
 
 
Vulnerability Timeline:
18th August 2017 a Vulnerability Discovered
20th August 2017 a Contacted Vendor a No Response
1st September 2017 a Contacted Vendor again a No Response
18th September 2017 a Vulnerability Disclosed

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

ZKTime Web Software 2.0 Insecure Direct Object Reference

ZKTime Web Software 2.0 Insecure Direct Object Reference

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ZKTime Web Software 2.0 Insecure Direct Object Reference

Share This

ZKTime Web Software 2.0 Insecure Direct Object Reference

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems