
CVE-2020-8656 Scanner
CVE-2020-8656 Scanner - SQL Injection vulnerability in EyesOfNetwork
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 13 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
EyesOfNetwork is a monitoring application that provides IT system visibility and management features. It is used primarily for network and infrastructure monitoring, often by the IT departments of medium to large-sized enterprises. Its functionality includes visualization of network resources and their status, which supports proactive IT management. EyesOfNetwork provides centralized oversight of the IT ecosystem, helping to ensure system performance and availability. It also helps optimize resource allocation and identify potential IT issues quickly. Its dashboard and alert mechanisms are critical for day-to-day IT operations.
The SQL injection vulnerability in EyesOfNetwork allows unauthorized individuals to execute arbitrary SQL code against the database. This could lead to unauthorized data retrieval, manipulation, or even deletion. SQL injection is particularly dangerous because it can give attackers access to the application's underlying data without proper authorization. The vulnerable API endpoint is the `getApiKey` function. Safeguards are required to prevent unauthorized SQL execution. The vulnerability is compounded by a potential authentication bypass, which could further compromise the system's security.
The vulnerability resides in the `getApiKey` function in the `api_functions.php` file, where the `username` field is not sufficiently sanitized. An attacker could manipulate the SQL query through this input with a crafted payload. The injection can then bypass the normal authentication sequence and gain illicit access to the API key. In addition, a time-based blind injection can be performed by introducing a time delay within the SQL query to infer information about the database structure. These flaws are critical because they expose sensitive data and functionality to unauthorized access.
Potential consequences of exploiting this vulnerability include unauthorized access to sensitive data, data corruption, and denial of service from database overload. An attacker could execute arbitrary commands via injection, gaining control over database operations. This could lead to a full compromise of the monitored network, or allow monitoring data to be manipulated so that further malicious activity goes undetected. It could also result in significant operational disruption and financial loss, as well as legal implications if personal data is exposed.
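Detection logic for the `username` injection and the time-based variant described above, run over web access logs. This is an added example, not code from the scanner or from EyesOfNetwork. It assumes a combined-format log with a trailing response time in seconds; the `/PLACEHOLDER/` URL prefix, the username allowlist and the 2-second threshold are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (documentation IP ranges). Only `getApiKey` and
# `username` come from the advisory text; the URL prefix is a placeholder.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2020:10:00:01 +0000] "GET /PLACEHOLDER/getApiKey?username=admin&password=x HTTP/1.1" 401 52 0.031
198.51.100.9 - - [01/Mar/2020:10:00:05 +0000] "GET /PLACEHOLDER/getApiKey?username=x%27%20AND%20SLEEP(5)--%20&password=x HTTP/1.1" 200 88 5.018
203.0.113.4 - - [01/Mar/2020:10:00:09 +0000] "GET /PLACEHOLDER/otherCall?username=o%27brien HTTP/1.1" 200 310 0.044
203.0.113.4 - - [01/Mar/2020:10:00:12 +0000] "GET /PLACEHOLDER/getApiKey?username=monitor&password=x HTTP/1.1" 401 52 4.210
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*"(?:GET|POST) (?P<target>\S+) [^"]*" \d{3} \S+ (?P<secs>\d+(?:\.\d+)?)\s*$')
# Assumed account-name policy: anything outside it has no business in `username`.
SAFE_USERNAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")
# Delay primitives typical of time-based blind SQL injection.
DELAY_CALL = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)

def scan(log_text, slow_secs=2.0):
    """Return (client_ip, reasons) for each suspicious getApiKey request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/getApiKey"):
            continue  # only the endpoint named in the advisory is in scope
        reasons = []
        # parse_qs percent-decodes, so encoded quotes and spaces are seen as-is
        for name in parse_qs(url.query, keep_blank_values=True).get("username", []):
            if not SAFE_USERNAME.fullmatch(name):
                reasons.append("username outside allowlist")
            if DELAY_CALL.search(name):
                reasons.append("delay function in username")
        # A slow reply alone is still worth a look: the parameter may have
        # arrived in a POST body that the access log does not record.
        if float(m["secs"]) >= slow_secs:
            reasons.append("slow response")
        if reasons:
            findings.append((m["ip"], reasons))
    return findings

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, "; ".join(reasons))
```

The same allowlist belongs in the application itself, in front of a parameterized query, so that the `username` value never reaches the SQL text.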