Black & White Path

Mar 16, 2026 · Information Security

How I Discovered and Exploited a 0‑Day in an EIS Office Platform

The article walks through setting up a Windows 2012 IIS environment, reverse‑engineering the product’s 3DES license check, analyzing web.config permissions, and uncovering multiple vulnerabilities—including SSRF, several SQL injections, and arbitrary file‑upload flaws—culminating in a full bypass of the EIS system’s authentication.