How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance
It seems that vulnerability research is becoming increasingly challenging every year, as frameworks and languages become more secure by default and vendors are more aware of the security risks that plagued web applications of the early 2000s. Gone are the days of super simple bugs, where you upload a shell.php.jpg, or type ' or 1=1-- at a login screen; or so we thought.
In this blog, we detail how typing a single space in ETQ Reliance’s login screen allows full access to the SYSTEM account, as well as some other bugs we found along the way.
ETQ Reliance describes itself as quality management software. At its core is a system for document and form management, allowing you to store all your documents in one place. It’s all tied together with a form builder UI, integrations like macros for Microsoft Word, and a system for customization based on Jython (more on that later!).
Despite being fairly popular, the product has not received much attention from security researchers; not a single CVE has been registered for it. Nevertheless, here at Assetnote, the prospect of analysing a product containing tens of thousands of documents exposed on the internet proved tempting, so we dived in and took a look.
To read the complete article, see: How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance.