Tiandy Easy7 Integrated Management Platform Unauthenticated SQL Injection Vulnerability in WebService GetDBDataEx.jsp

Vulnerability

A SQL injection vulnerability has been identified in Tiandy Easy7 Integrated Management Platform version 7.17.0. The issue arises in the WebService GetDBDataEx.jsp file, where manipulation of the strTBName argument allows for SQL injection. This vulnerability can be exploited remotely, and the exploit has been made public. Despite early disclosure to the vendor, no response was received.

Impact

Exploiting this vulnerability lets an attacker inject SQL and manipulate database queries without authorization. This could lead to unauthorized data access or modification. In this case, the vulnerability has been demonstrated to allow retrieval of usernames and passwords from the database.

Reproduction

To reproduce this vulnerability, send a request to the GetDBDataEx.jsp endpoint with a crafted strTBName parameter that includes a SQL injection payload. The injected SQL query can be used to extract data from the database, such as user credentials.
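
A defender's check for the request described above, as an added example that is not part of the original advisory: it scans web access logs for GetDBDataEx.jsp requests whose strTBName value is not a plain identifier. The combined log format, the /example-path/ directory, the tb_device table name and the rule that a legitimate table name is a plain SQL identifier are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "getdbdataex.jsp"  # file name from the advisory; its directory is not assumed
PARAM = "strtbname"           # parameter from the advisory, compared case-insensitively
# Assumption: a legitimate table name is a plain SQL identifier.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")
# Assumption: combined-format access log; only the fields used below are captured.
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

SAMPLE_LOG = [  # constructed lines; path, table name and addresses are placeholders
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /example-path/GetDBDataEx.jsp?strTBName=tb_device HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /example-path/GetDBDataEx.jsp?strTBName=tb_device%27%20OR%20%271 HTTP/1.1" 200 9312',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /example-path/getdbdataex.jsp?STRTBNAME=tb_device%2527-- HTTP/1.1" 500 120',
    '192.0.2.10 - - [01/Jan/2025:10:01:00 +0000] "GET /index.jsp?strTBName=a%20b HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded input is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (ip, status, decoded_value) for each non-identifier strTBName."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Drop path parameters such as ;jsessionid=... before comparing the file name.
        if not url.path.split(";", 1)[0].lower().endswith("/" + ENDPOINT):
            continue
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if name.lower() == PARAM and not IDENT.fullmatch(value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a strTBName value sent in a request body needs the same identifier check at a reverse proxy or WAF.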

Added: May 26, 2026, 7:10 PM
Updated: May 26, 2026, 7:10 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.