Tiandy Easy7 CMS SQL Injection Vulnerability in WebService GetDBData.jsp

Vulnerability

A critical SQL injection vulnerability has been identified in Tiandy Easy7 CMS for Windows, version 7.17.0. The issue resides in the WebService GetDBData.jsp file, where the strTBName parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely without authentication, allowing attackers to bypass security controls and gain unauthorized access to the backend database. Exploitation of this flaw could lead to the extraction of sensitive administrative credentials, unauthorized modification or deletion of data, and execution of administrative functions, resulting in a complete compromise of the system.

Impact

Exploitation of this vulnerability allows for unauthenticated remote SQL injection, with potential access to the backend database. This could lead to unauthorized extraction of sensitive data, including administrative credentials, and allow for modification or deletion of database information. Additionally, it could enable execution of administrative functions, causing a full system compromise.

Reproduction

To reproduce this vulnerability, send a request to the GetDBData.jsp file within the Easy7 WebService application. Manipulate the strTBName parameter with a crafted SQL payload that exploits the application's SQL query handling. The injection can be performed remotely, and no authentication is required.
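The weakness described above is injection through an identifier (a table name), which cannot be fixed by bound query parameters alone, since database drivers bind values, not identifiers. The following added example, which is not Tiandy's code and does not reflect how Easy7 actually handles the parameter, shows the two checks a defender would want: an allow-list that maps a client-supplied table name onto a fixed set of known identifiers before it is ever interpolated into SQL, and a log check that flags requests to GetDBData.jsp whose strTBName value is not a known table. The table names, the access-log format, and the sample log lines are constructed for illustration.

```python
"""
Added example (not Tiandy's code): allow-listing a user-supplied table
name, plus a log check for requests to GetDBData.jsp. The table names,
log format and sample lines below are constructed for illustration;
the real Easy7 schema and request handling are not known from the advisory.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list; a real deployment would populate this from the
# application's own schema, never from request data.
KNOWN_TABLES = {"tb_device", "tb_user", "tb_alarm"}

# Bare identifiers only: a letter followed by letters, digits or underscore.
IDENTIFIER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,63}$")


def resolve_table_name(value: Optional[str], allowlist=KNOWN_TABLES) -> str:
    """Return the canonical allow-listed name for a client-supplied value, or raise.

    The returned string is the allow-list entry, not the request value, so it
    is safe to place into a query as an identifier.
    """
    if value is None or not IDENTIFIER_RE.match(value):
        raise ValueError("table name is not a plain identifier")
    for known in allowlist:
        if known.lower() == value.lower():
            return known
    raise ValueError("table name is not in the allow-list")


def build_query(table_name: str, allowlist=KNOWN_TABLES) -> str:
    """Build a query whose identifier comes from the allow-list.

    Row filters still use a bound parameter (the ? placeholder); only the
    identifier needs the allow-list treatment.
    """
    safe = resolve_table_name(table_name, allowlist)
    return f"SELECT * FROM {safe} WHERE id = ?"


# Detection side: classify access-log hits on GetDBData.jsp.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def classify_request(log_line: str, allowlist=KNOWN_TABLES) -> Optional[str]:
    """Return 'ok', 'unknown-table' or 'malformed' for GetDBData.jsp requests, else None."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("/getdbdata.jsp"):
        return None
    # parse_qs URL-decodes values, so the check sees what the server would see.
    params = parse_qs(parts.query, keep_blank_values=True)
    values = [v for k, vs in params.items() if k.lower() == "strtbname" for v in vs]
    if not values:
        return "malformed"
    for v in values:
        if not IDENTIFIER_RE.match(v):
            return "malformed"
        if v.lower() not in {t.lower() for t in allowlist}:
            return "unknown-table"
    return "ok"


# Constructed sample log lines in a common access-log layout.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Mar/2026:12:18:00 +0000] "GET /WebService/GetDBData.jsp?strTBName=tb_device HTTP/1.1" 200 512',
    '10.0.0.9 - - [09/Mar/2026:12:18:03 +0000] "GET /WebService/GetDBData.jsp?strTBName=tb_nosuch HTTP/1.1" 200 87',
    '10.0.0.9 - - [09/Mar/2026:12:18:05 +0000] "GET /WebService/GetDBData.jsp?strTBName=tb_device%27 HTTP/1.1" 500 0',
    '10.0.0.5 - - [09/Mar/2026:12:18:07 +0000] "GET /index.jsp HTTP/1.1" 200 1024',
]


def scan(lines: List[str], allowlist=KNOWN_TABLES) -> List[Tuple[int, str]]:
    """Return (line index, verdict) for every GetDBData.jsp hit that is not 'ok'."""
    findings = []
    for i, line in enumerate(lines):
        verdict = classify_request(line, allowlist)
        if verdict not in (None, "ok"):
            findings.append((i, verdict))
    return findings


if __name__ == "__main__":
    print(build_query("TB_USER"))
    for idx, verdict in scan(SAMPLE_LOG):
        print(f"line {idx}: {verdict}")
```

Two verdicts are distinguished on purpose: a value that is a well-formed identifier but not in the allow-list is a useful low-severity signal (misconfiguration or reconnaissance), while a value that is not an identifier at all is the one that warrants an alert, since no legitimate client should ever send it.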

Added: Mar 9, 2026, 12:18 PM
Updated: Mar 9, 2026, 12:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.