Details of VAR-E-201907-0024

ID

VAR-E-201907-0024

CVE

cve_id:

CVE-2019-0285

Trust: 1.5

sources: PACKETSTORM: 153471 // EXPLOIT-DB: 47061

EDB ID

47061

TITLE

SAP Crystal Reports - Information Disclosure - Multiple webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 47061

DESCRIPTION

SAP Crystal Reports - Information Disclosure. CVE-2019-0285 . webapps exploit for Multiple platform

Trust: 0.6

sources: EXPLOIT-DB: 47061

AFFECTED PRODUCTS

vendor:

sap

model:

crystal reports

scope:

version:

Trust: 2.1

sources: PACKETSTORM: 153471 // EXPLOIT-DB: 47061 // EDBNET: 101664

EXPLOIT

# Exploit Title: [Sensitive Information Disclosure in SAP Crystal Reports]
# Date: [2019-04-10]
# Exploit Author: [Mohamed M.Fouad - From SecureMisr Company]
# Vendor Homepage: [https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114]
# Version: [SAP Crystal Reports for Visual Studio, Version - 2010] (REQUIRED)
# Tested on: [Windows 10]
# CVE : [CVE-2019-0285]

POC:

1- Intercept the "Export" report http request

2- Copy the "__CRYSTALSTATE" + <crystal report user control> Viewer name parameter value.

3- You will find a base64 value in "viewerstate" attribute.

4- decode the value you will get database information such as: name, credentials, Internal Path disclosure and some debugging information.

Trust: 1.0

sources: EXPLOIT-DB: 47061

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 47061

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 47061

TYPE

Information Disclosure

Trust: 1.6

sources: EXPLOIT-DB: 47061 // EDBNET: 101664

CREDITS

Mohamed M.Fouad

Trust: 0.6

sources: EXPLOIT-DB: 47061

EXTERNAL IDS

db:	EXPLOIT-DB	id:	47061	Trust: 1.6
db:	NVD	id:	CVE-2019-0285	Trust: 1.5
db:	EDBNET	id:	101664	Trust: 0.6
db:	PACKETSTORM	id:	153471	Trust: 0.5

sources: PACKETSTORM: 153471 // EXPLOIT-DB: 47061 // EDBNET: 101664

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-0285	Trust: 1.5
url:	https://www.exploit-db.com/exploits/47061/	Trust: 0.6

sources: PACKETSTORM: 153471 // EXPLOIT-DB: 47061 // EDBNET: 101664

SOURCES

db:	PACKETSTORM	id:	153471
db:	EXPLOIT-DB	id:	47061
db:	EDBNET	id:	101664

LAST UPDATE DATE

2022-07-27T09:56:05.493000+00:00

SOURCES RELEASE DATE

db:	PACKETSTORM	id:	153471	date:	2019-07-01T14:53:47
db:	EXPLOIT-DB	id:	47061	date:	2019-07-01T00:00:00
db:	EDBNET	id:	101664	date:	2019-07-01T00:00:00

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES RELEASE DATE