Vulnerable Software: Express Invoice
Vulnerability: Privilege Escalation
Affected Version: 7.25
Vendor Homepage: https://www.nchsoftware.com/
CVE: CVE-2020-11561
CVE Author: Tejas Nitin Pingulkar
Exploit Avilable: POC Available
About Affected Software
Express Invoice lets you create invoices you can print, email or fax directly to clients for faster payment. The reporting functionality allows you to keep track of payments, overdue accounts, sales team performance and more.
Additional Information
NCH express invoice software allows to access it over the web.
A web interface provides 3 types of users
- Administrator
- User
- Viewer
The administrator user has access to all modules including “Add New Item” “Add New Customer”. Users with Viewer privileges don’t have access to the ‘Add New Item’ or ‘Add New Customer’ modules by exploiting forceful browsing, a user with Viewer privileges can access admin-only modules
Exploit
Log in as a low-privileged user and enter the following URL, for example
http://[website:port]/itemprop?onok=itemlist&oncancel=itemlist
Proof Of Concept
Reference