openSIS 4.5 - 5.3 SQL Injection vulnerability
=============================================
Author: Ubani Anthony Balogun <ubani () sas upenn edu>
Reported: June 26, 2014
Product Description:
- --------------------
openSIS, is a free student information system that rivals costly
commercial alternatives in looks, functionality, ease of use and
administration
Description of Vulnerability:
- -----------------------------
The openSIS 4.5 and 5.3 /index.php script suffers from a SQL injection
vulnerability that allows a user to modify the original SQL query used
for logging in users.
System impacted:
- ----------------
openSIS versions 4.5 and 5.3 were tested and found to be vulnerable.
Impact:
- -------
Successfully exploiting this vulnerability will allow a malicious user
to bypass authentication and gain access to the system as a privileged
user.
Mitigating Factors:
- -------------------
An exploit to this vulnerability has not yet been developed owing to
the complexity of the index.php code base
Proof of Concept:
- -----------------
1. Install openSIS 4.5 or 5.3
2. navigate to /index.php
3. Attempt to login with the following credentials: Username: ) or
1=('1 & password: '
4. A SQL error is shown displaying a modified SQL query
Vendor Response:
- ---------------
Vendor responds issues will not be fixed in versions < 5.3
- --
Ubani Anthony Balogun
Information Security and Unix Services
University of Pennsylvania
School of Arts and Sciences
3600 Market St.
Suite 501
Philadelphia, PA 19104