Netsweeper 4.0.4 – SQL Injection

• Exploit Database
• 14 阅读

• 作者： Anastasios Monachos
  日期： 2015-08-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/37927/

• +----------------------------------+
  + Netsweeper 4.0.4 - SQL Injection +
  +----------------------------------+
  Affected Product: Netsweeper
  Vendor Homepage : www.netsweeper.com
  Version 	: 4.0.4 (and probably other versions)
  Discovered by	: Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
  Patched	: Yes
  CVE		: CVE-2014-9612
  
  +---------------------+
  + Product Description +
  +---------------------+
  Netsweeper is a software solution specialized in content filtering.
  
  +----------------------+
  + Exploitation Details +
  +----------------------+
  Once specific parameter in Netsweeper 3.0.6, 4.0.3 and 4.0.4 (and probably other versions) was identified being vulnerable to SQL injection attacks.
  Condition: The exploitation can be performed by any non-authenticated user with access to the vulnerable pages (usually from everyone).
  
  Vulnerable Page: http://netsweeper:8080/remotereporter/load_logfiles.php?server=<SQLi>&url=a
  Vulnerable GET Parameter: server
  
  +----------+
  + Solution +
  +----------+
  Upgrade to latest version.
  
  +---------------------+
  + Disclosure Timeline +
  +---------------------+
  24-Nov-2014: Initial Communication
  03-Dec-2014: Netsweeper responded
  03-Dec-2014: Shared full details to replicate the issue
  10-Dec-2014: Netsweeper fixed the issue in releases 3.1.10, 4.0.9, 4.1.2
  17-Dec-2014: New releases 3.1.10, 4.0.9, 4.1.2 made available to the public
  18-Dec-2014: Confirm fix
  17-Jan-2015: CVE assigned CVE-2014-9612
  11-Aug-2015: Public disclosure