@aliceicl
Last active May 9, 2022 16:26
Findings for CVE-2022-30335
[Product Description]
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. An attacker who supplies a SQL injection payload in the User Name text box can collect every stored password, in encrypted form, from the Microsoft SQL Server component.
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
[Vendor of Product]
Wealth Management System Limited
------------------------------------------
[Affected Product Code Base]
Bonanza Wealth Management System (BWM) - version 7.3.2
------------------------------------------
[Affected Component]
Login Form
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
SQL injection over login form
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
Processing
------------------------------------------
[PoC]
After launching the application, wait until the login window appears on the screen.
1) Enter a SQL injection payload such as a' OR 'g'='g-- in the User Name text box. The text box does not accept the space key, but pasting the payload from the clipboard works.
2) Enter any non-blank value in the Password text box.
3) Click the OK button to submit the request and capture the result returned by SQL Server. Echo Mirage or any other network sniffer reveals the series of ciphertext passwords bound to each user of the application, because the login query returns the matching user rows to the client rather than a yes/no answer.
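The following is an added illustration of the bug class described above; it is not code from the advisory or from the BWM product. It assumes (inferred from step 3) that the client fetches the user row by name and checks the password locally, so every row the server returns crosses the wire. SQLite stands in for SQL Server, the user table and the SHA-256 "encryption" are constructed stand-ins, and the payload is a generic tautology rather than the advisory's exact string. The parameterised variant shows the fix: the comparison happens in the database and only a count comes back.

```python
import hashlib
import sqlite3

# Constructed sample data; the real BWM schema and cipher are not public,
# so this table and the SHA-256 transform below are assumptions.
SAMPLE_USERS = {
    "alice": "Winter2022!",
    "bob": "hunter2",
    "svc_report": "R3p0rt$",
}

# Generic tautology payload (not the advisory's string). The quote the
# application appends after the user name lands inside the `--` comment.
TAUTOLOGY_PAYLOAD = "' OR 1=1 --"


def protect(password: str) -> str:
    """Stand-in for whatever transformation the application stores (assumption)."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_enc TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(u, protect(p)) for u, p in SAMPLE_USERS.items()],
    )
    conn.commit()
    return conn


def query_users_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable pattern: the user name is concatenated into the statement.
    Returns the rows the server sends back, i.e. what a sniffer would see."""
    sql = f"SELECT username, password_enc FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Client-side check (assumed): fetch the row(s) for the name and compare
    locally, so every password_enc returned has already left the server."""
    rows = query_users_vulnerable(conn, username)
    return any(enc == protect(password) for _, enc in rows)


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: bound parameters, comparison done in the database,
    and only a count is returned, so no password material crosses the wire."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_enc = ?"
    (count,) = conn.execute(sql, (username, protect(password))).fetchone()
    return count == 1


if __name__ == "__main__":
    db = make_db()
    print("rows leaked by tautology:", query_users_vulnerable(db, TAUTOLOGY_PAYLOAD))
    print("vulnerable login with payload:", login_vulnerable(db, TAUTOLOGY_PAYLOAD, "hunter2"))
    print("safe login with payload:", login_safe(db, TAUTOLOGY_PAYLOAD, "hunter2"))
```

Running it shows the tautology pulling all three rows, password material included, through the vulnerable query, while the parameterised query treats the same input as a literal user name and returns nothing. A reversible "encrypted" password column, as the advisory describes, makes the leak worse than a hash leak would be, but the injection itself is fixed by binding parameters regardless of how the column is stored.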
------------------------------------------
[Reference]
https://incognitolab.com
https://www.wealth.co.th/products/bonanza-wealth-management/
------------------------------------------
[Discoverer]
Pornsook Kornkitichai
------------------------------------------