TTPwire Vol. 1 · MITRE ATT&CK · Tagged

Huntress

Hackers Are Exploiting a Vulnerability in Billing Software | Huntress

2021-10-22

ATT&CK techniques detected

6 predictions
T1190 Exploit Public-Facing Application · 100%
“…can use this to access customers’ BillQuick data and run malicious commands on their on-premises Windows servers. We have been in close contact with the BQE team to notify them of this vulnerability, assess the code changes implemented in WebSuite 2021 version 22.0.9.1…”

T1190 Exploit Public-Facing Application · 100%
“Hackers Are Exploiting a Vulnerability in Billing Software | Huntress. Hackers are constantly looking for low-hanging fruit and vulnerabilities that can be exploited, and they’re not always poking around in “big” mainstream applications like Office. Sometimes, a productivit…”

T1190 Exploit Public-Facing Application · 99%
“…obtained sensitive data from the BillQuick server without authentication. Because these versions of BillQuick used the sa (system administrator) MSSQL user for database authentication, this SQL injection also allowed the use of the xp_cmdshell procedure to remotely execute co…”

T1190 Exploit Public-Facing Application · 97%
“…account. This indicated the possibility of a web application being exploited in order to gain initial access. The server in question hosted BillQuick Web Suite 2020 (WS2020), and the connection logs indicated a foreign IP repeatedly sending POST requests to the web server logon…”

T1505.001 SQL Stored Procedures · 70%
“…commands for re-enabling the xp_cmdshell extended stored procedure and then execute code through powershell.exe. In the above video, we showcase writing to a file on the server host and spawning calc.exe as the MSSQLSERVER$ service account. Observing the sqlmap scanning in…”

T1190 Exploit Public-Facing Application · 52%
“…to leak sensitive data from the backend database, and in certain cases, gain remote code execution. Here, we showcase an initial scan of the login endpoint. The file login-request.txt contains a raw HTTP request which performs an attempted login. There is nothing inherently ma…”

Summary

Huntress discovered threat actors abusing a blind SQL injection vulnerability in BillQuick Web Suite. Follow our analysis and latest findings in this blog.