The Day I Ended Up Finding Critical Database Info Leaking on the CM Cell (TN) Application
As the title says: Karthikeyan. V was testing the CM Cell application and found the tipping point where the database had some issues with the application. After digging deeper, he discovered that there was a vulnerability. Now let’s dive into the technical part →
This is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.
Vulnerable Request
POST /xxx.abc HTTP/1.1
Host: cmcell.tn.gov.in
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 172
Origin: http://cmcell.tn.gov.in
Connection: close
Referer: http://cmcell.tn.gov.in/xxx.abc
Upgrade-Insecure-Requests: 1
VulnerableParameters = **malicious code**
Impact of this Vulnerability
A successful attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or other personal user information. Many high-profile data breaches in recent years have been the result of these attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization’s systems, leading to a long-term compromise that can go unnoticed for an extended period.
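The root cause and its fix, as an added example that is not from the original write-up or the tested application. It assumes a SQL backend; the table, the `owner` field and the request bodies are constructed for illustration. A value that merely contains an apostrophe makes the concatenated query fail with a database error, while the parameter-bound query treats the same value as data.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed form bodies (application/x-www-form-urlencoded), not real traffic.
NORMAL_BODY = "owner=alice"
QUOTE_BODY = "owner=O%27Brien"   # decodes to O'Brien, a legitimate surname

def make_db():
    # Constructed sample data in an in-memory database (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, owner TEXT, detail TEXT)")
    db.executemany("INSERT INTO records (owner, detail) VALUES (?, ?)",
                   [("alice", "road repair"), ("O'Brien", "pension query")])
    return db

def field(body, name):
    # Decode the POST body and return a single field value.
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]

def lookup_concatenated(db, body):
    # Flawed pattern: request text becomes part of the SQL statement itself,
    # so a quote character in the value changes the statement's structure.
    sql = "SELECT owner, detail FROM records WHERE owner = '" + field(body, "owner") + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, body):
    # Corrected pattern: the statement text is fixed and the value is bound,
    # so the database never parses request input as SQL.
    sql = "SELECT owner, detail FROM records WHERE owner = ?"
    return db.execute(sql, (field(body, "owner"),)).fetchall()

def outcome(lookup, db, body):
    # Report either the rows returned or the fact that the database rejected
    # the statement; the latter is the symptom worth alerting on in app logs.
    try:
        return ("rows", lookup(db, body))
    except sqlite3.Error as exc:
        return ("db_error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for lookup in (lookup_concatenated, lookup_bound):
        for body in (NORMAL_BODY, QUOTE_BODY):
            print(lookup.__name__, body, outcome(lookup, db, body))
```

Database syntax errors that correlate with punctuation in request parameters are a useful signal in application logs that a query is being built by concatenation.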
Note:
Due to high-privacy reasons, I have not mentioned any names or PoCs. Also, it’s illegal to continue the attack after this process.
**This write-up was written for Educational Purposes only**
Jai Hind
Credits:
Discovered by: Karthikeyan. V (Founder & CEO of Cappricio Securities)
Report Writer: Karthikeyan. K (CIO of Cappricio Securities)