Ops View Pre 4.4.1 Blind SQL Injection

2013.10.30
Credit: J. Oquendo
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

CVE-2013-5694 Blind SQL Injection in Ops View Version(s): Opsview pre 4.4.1 Author: J. Oquendo (joquendo at e-fensive dot net) I. ADVISORY Title: Blind SQL Injection in OpsView Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsview is a systems management software built on open source software. To minimize noise, read more about it here http://www.opsview.com/about-us II. DESCRIPTION A Blind SQL injection vulnerability exists in OpsView "acknowledge" function. A malicious user can post bad data leading to a database dump, user creation, code execution, etc. POST /status/service/acknowledge HTTP/1.1 Content-Length: 118 Content-Type: application/x-www-form-urlencoded Host: 10.20.30.68:80 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Opera/5.54 (Windows NT 5.1; U) [en] comment=&from=http%3a%2f%2f10.20.30.68%2fstatus%2fhostgroup&notify=1&service_selection=%24%7dsql injection goes here%7d&submit=Submit For more on BSQLI read about it here: http://en.wikipedia.org/wiki/SQL_injection#Blind_SQL_injection III SOLUTION Opsview released a fix with Opsview 4.4.1 http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF

References:

http://cxsecurity.com/issue/WLB-2013100191


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top