OpenDaylight SQL Injection

2018.05.25
Credit: Jameel Nabbo
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: OpenDaylight SQL Injection
# Date: 2018-05-24
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.opendaylight.org
# CVE: CVE-2018-1132

Intro:
OpenDaylight (ODL) is a modular open platform for customizing and automating networks of any size and scale. The OpenDaylight Project arose out of the SDN movement, with a clear focus on network programmability. It was designed from the outset as a foundation for commercial solutions that address a variety of use cases in existing network environments.

Attackers can inject SQL into the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp.

The bug is in /impl/src/main/java/org/opendaylight/sdninterfaceapp/impl/database/SdniDataBase.java (lines 373~391).
The SDNI concatenates port information to build an insert SQL query, and it executes the query in SQLite. However, in line 386, the portName is a string that can be customized by switches. Since SQLite supports multiple SQL queries in one run, attackers can customize the port name to inject another SQL statement if they compromise or forge a switch.

POC:
For example, an attacker can set portName as: ");drop table NAME;//
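The flaw described above, next to the parameter-bound form that closes it, as an added example that is not code from OpenDaylight or from the advisory's author. It uses Python's built-in sqlite3 module as a stand-in for the Java component; the schema, function names and double-quoted value style are assumptions, since the page does not show the query in SdniDataBase.java.

```python
import sqlite3

# Constructed schema: the page does not show SdniDataBase.java's real tables.
# NAME stands in for the table named in the advisory's example port name.
SCHEMA = """
CREATE TABLE ports (switch_id INTEGER, port_name TEXT);
CREATE TABLE NAME (id INTEGER);
"""

# Port name from the advisory, as a forged or compromised switch could report it.
HOSTILE_PORT_NAME = '");drop table NAME;//'


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def stored_names(conn):
    return [r[0] for r in conn.execute("SELECT port_name FROM ports ORDER BY rowid")]


def insert_port_concat(conn, switch_id, port_name):
    """Flawed pattern: the switch-supplied name becomes part of the SQL text."""
    sql = 'INSERT INTO ports VALUES (%d, "%s")' % (switch_id, port_name)
    try:
        # executescript() runs every ';'-separated statement in one call.
        conn.executescript(sql)
    except sqlite3.Error:
        pass  # the trailing '//")' fails to parse only after the earlier statements ran


def insert_port_bound(conn, switch_id, port_name):
    """Corrected pattern: the name is bound as data and never parsed as SQL."""
    conn.execute("INSERT INTO ports VALUES (?, ?)", (switch_id, port_name))
    conn.commit()


if __name__ == "__main__":
    for insert in (insert_port_concat, insert_port_bound):
        db = new_db()
        insert(db, 1, HOSTILE_PORT_NAME)
        print(insert.__name__, "NAME exists:", table_exists(db, "NAME"), stored_names(db))
```

In the Java component the equivalent of `insert_port_bound` is a JDBC `PreparedStatement` with `?` placeholders for every switch-supplied field.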


Copyright 2024, cxsecurity.com