ITC Systems Multiplan/Matrix OneCard SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in ITC Systems' Multiplan/Matrix OneCard platform, specifically in version 3.7.4.1002. The vulnerability resides in the 'ForgotPassword.aspx' component, where the 'ctl00%24cpLogin%24ctlForgotPassword%24txtEmail' POST parameter (the URL-encoded form of the ASP.NET control ID 'ctl00$cpLogin$ctlForgotPassword$txtEmail') is passed into a backend query without proper sanitization or parameterization. Because the password-reset form is reachable before login, an unauthenticated attacker can alter the query's structure and read data from the backend database.
Impact
Exploitation of this vulnerability allows SQL injection, enabling an unauthenticated attacker to manipulate database queries and read database information, and potentially to modify it. How far an attacker can go beyond reading (writes, access to other databases, or OS-level actions) depends on the privileges of the database account the application connects with, which the advisory does not state.
Reproduction
The vulnerability can be reproduced by sending a POST request to the 'ForgotPassword.aspx' endpoint with SQL syntax in the 'ctl00%24cpLogin%24ctlForgotPassword%24txtEmail' parameter. Intercept a legitimate password-reset submission with Burp Suite and modify that field, or save the intercepted request to a file and pass it to sqlmap (its -r option takes a raw request file and -p selects the parameter to test) to automate detection and data extraction.
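The advisory does not show the affected server-side code, so the following is an added example rather than ITC's own code. It models the flaw class the advisory describes: a password-reset lookup that concatenates the submitted email into the SQL text, beside the parameterized form that fixes it, both run against a constructed in-memory SQLite table. It also decodes the URL-encoded control ID from a form-encoded POST body the way an intercepting proxy would show it, and includes a small triage heuristic for flagging suspicious values in captured bodies. The POST bodies, the table contents and the assumption that the original code concatenates strings are all constructed for illustration; no claim is made that this specific payload behaves this way against the real product.

```python
import re
import sqlite3
import urllib.parse

# The ASP.NET control ID from the advisory. On the wire '$' is sent as '%24';
# parse_qs decodes it back to the dollar form.
PARAM = "ctl00$cpLogin$ctlForgotPassword$txtEmail"

# Constructed POST bodies standing in for what an intercepting proxy would show.
# Neither is a capture from the ITC product. __VIEWSTATE is the usual ASP.NET
# hidden field; its value is irrelevant here and left empty.
BENIGN_BODY = "__VIEWSTATE=&" + urllib.parse.urlencode({PARAM: "alice@example.org"})
INJECTED_BODY = "__VIEWSTATE=&" + urllib.parse.urlencode({PARAM: "' OR '1'='1"})


def email_from_post_body(body: str) -> str:
    """Return the txtEmail value from a form-encoded POST body ('' if absent)."""
    fields = urllib.parse.parse_qs(body, keep_blank_values=True)
    return fields.get(PARAM, [""])[0]


def setup_db() -> sqlite3.Connection:
    """In-memory stand-in for the backend database; the rows are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, username TEXT)")
    conn.executemany(
        "INSERT INTO users (email, username) VALUES (?, ?)",
        [("alice@example.org", "alice"), ("bob@example.org", "bob"), ("carol@example.org", "carol")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Models the flaw class: the submitted email is concatenated into the SQL
    text, so a quote character in it changes the query's structure. This is an
    assumption about how the vulnerable code is written, not code taken from ITC."""
    sql = "SELECT username FROM users WHERE email = '" + email + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> list:
    """The fix: bind the value as a query parameter; it can never become SQL syntax."""
    sql = "SELECT username FROM users WHERE email = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (email,))]


def probe(body: str) -> tuple:
    """Run one POST body through both handlers and return (concatenated, parameterized) results."""
    conn = setup_db()
    email = email_from_post_body(body)
    return lookup_vulnerable(conn, email), lookup_parameterized(conn, email)


# Triage heuristic for proxy captures or request-body logs: a quote followed by a
# boolean operator, a comment sequence, or a stacked statement is not what a
# password-reset email looks like. A valid address may legally contain a quote, so
# a hit is something to review, not proof of attack, and never a substitute for
# parameterizing the query.
_SUSPECT = re.compile(r"'\s*(or|and)\b|--|/\*|;\s*(drop|select|union)\b", re.IGNORECASE)


def looks_injected(body: str) -> bool:
    """True if the txtEmail value in the body matches the injection heuristic."""
    return bool(_SUSPECT.search(email_from_post_body(body)))


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("injected", INJECTED_BODY)):
        vuln, safe = probe(body)
        print(f"{label}: concatenated -> {vuln}, parameterized -> {safe}, flagged={looks_injected(body)}")
```

With the benign body both handlers return only alice's row; with the injected body the concatenating handler returns every row while the parameterized one returns nothing, which is the difference a boolean-based probe (or sqlmap) detects. The heuristic is deliberately narrow; tune it against your own traffic before using it in a WAF or log rule.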
Remediation
No in-place patch for version 3.7.4.1002 is given here; the vendor's remediation path is an upgrade. Users are advised to update the platform to ITC's current offering. Contact ITC Sales to discuss the upgrade path to netZcore on-premise or netZcore Avro, ITC's advanced OneCard Cloud service. Until the upgrade is complete, general good practice applies: limit exposure of the login and 'ForgotPassword.aspx' pages to trusted networks where the deployment allows it, and confirm that the application's database account holds only the privileges it needs, so that a successful injection cannot escalate beyond reading the data that account can already see.
