header-logo
Suggest Exploit
vendor:
SmarterTrack
by:
Andrei Manole
7,5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: SmarterTrack
Affected Version From: 10.x
Affected Version To: 14.x
Patch Exists: NO
Related CWE: N/A
CPE: a:smartertools:smartertrack:7922
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10
2020

SmarterTools SmarterTrack 7922 – ‘Multiple’ Information Disclosure

This file disclosure all agents id and first name and second name

Mitigation:

Ensure that sensitive information is not disclosed in the source code of the application
Source

Exploit-DB raw data:

# Exploit Title: SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure 
# Google Dork: intext:"Powered by SmarterTrack"
# Date: 23/01/2020
# Exploit Author: Andrei Manole
# Vendor Homepage: https://www.smartertools.com/
# Software Link: https://www.smartertools.com/smartertrack
# Version: TESTED ON  10.x -> 14.x and to Build 7922 (set 9, 2021)
# Tested on: Windows 10

POC:
VULNERABLE TARGET/Management/Chat/frmChatSearch.aspx
This file disclosure all agents id and first name and second name

Navigation

Suggest Exploit

Services By CQR