CVE-2020-11561: Express Invoice- Privilege Escalation

 

Vulnerable Software: Express Invoice

Vulnerability: Privilege Escalation

Affected Version: 7.25

Vendor Homepage: https://www.nchsoftware.com/

CVE: CVE-2020-11561

CVE Author: Tejas Nitin Pingulkar

Exploit Avilable: POC Avilable

About Affected Software


Express Invoice lets you create invoices you can print, email or fax directly to clients for faster payment. The reporting functionality allows you to keep track of payments, overdue accounts, sales team performance and more.

Additional Information


NCH express invoice software allows to access it over the web.
A web interface provides 3 types of user

  • Administrator
  • User
  • Viewer

The administrator user has access to all modules including “Add New Item” “Add New Customer”. User with viewer privileges don’t have access to “Add New Item” or “Add New Customer” by forceful browsing, we will access admin modules using viewer user privileges 

Exploit


login as low privileged user and for example enter below url

http://[website:port]/itemprop?onok=itemlist&oncancel=itemlist

http://[website:port]/customerprop?onok=customerlist&oncancel=customerlist

Proof Of Concept


Reference


Scroll to top