My First CVE: CVE-2023–30256

Astik Rawat
4 min readMay 22, 2023

Hi everyone, this time I am back with an exciting new. Few weeks ago I got my first CVE. It felt like a great achievement for me and I wanted to share you my journey towards it and also how can you apply for CVE if you have found any findings on any application.

CVE-2023–30256

Background

I would like to share my background first as my past learning experience was quite helpful to be honest. But never think it is compulsory in any means honestly. I have done some source code review — mostly for OSWE preparation and many web application penetration testing in the past.

Honestly, if you are good to go for web application testing it is good enough to choose any web application and get started. Of course if you have good understanding of reading source code and understanding them then it would be quite helpful for troubleshooting payload and understanding the parameters which are user controlled.

How and Why I chose Webkul: Qloapps

So I was reading a blog from Joe Helle on How one night he was bored at night and found 2 CVEs. If you don't know Joe Helle, he is also called themayor on social media — Do check him out he has one of the great content online for cybersecurity beginners. So yes, I was reading the blog and saw he researched for Open source Hotel FOSS systems. I did the same just to look around for any open source applications, I came across the same blog post which Joe used himself. He went with the 3rd Application- HotelDruid. So I just went with the 4th Option here which was QloApps.

Capterra: 4 Popular Open Source and Free Hotel Management Software Solutions

Now All I had to do is install the system locally on my system. I used XAMPP — as it was easy to use and was very straight forward.

Finding the CVE

Once I was able to get access locally to qloapps. I started with looking at admin panel, so I can find any LFI or RCE. After few hours, I didn’t make much progress. So I went to look at the normal search parameter for SQLi and again nothing. I didn’t do much source code review honestly else I would have saved some time and found it few hours before.
So at the end I was just…

--

--

Astik Rawat

Security Consultant | OSWE | OSCP | OSWP | CRT | BSCP | PNPT | eMAPT | PJPT | CPENT | eJPT | CEH Master | CPSA | Network+ | Multiple CVEs