Vulnerable Software: Express Invoice
Vulnerability: Privilege Escalation
Affected Version: 7.25
Vendor Homepage: https://www.nchsoftware.com/
CVE: CVE-2020-11561
CVE Author: Tejas Nitin Pingulkar
Exploit Avilable: POC Avilable
About Affected Software
Express Invoice lets you create invoices you can print, email or fax directly to clients for faster payment. The reporting functionality allows you to keep track of payments, overdue accounts, sales team performance and more.
Additional Information
NCH express invoice software allows to access it over the web.
A web interface provides 3 types of user
- Administrator
- User
- Viewer
The administrator user has access to all modules including “Add New Item” “Add New Customer”. User with viewer privileges don’t have access to “Add New Item” or “Add New Customer” by forceful browsing, we will access admin modules using viewer user privileges
Exploit
login as low privileged user and for example enter below url
http://[website:port]/itemprop?onok=itemlist&oncancel=itemlist
Proof Of Concept
Reference