Netsweeper 4.0.8 – Authentication Bypass (via New Profile Creation)

  • 作者: Anastasios Monachos
    日期: 2015-08-21
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/37933/
  • +-----------------------------------------------------------------+
    + Netsweeper 4.0.8 - Authentication Bypass (New Profile Creation) +
    +-----------------------------------------------------------------+
    Affected Product: Netsweeper
    Vendor Homepage : www.netsweeper.com
    Version 	: 4.0.8 (and probably other versions)
    Discovered by	: Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
    Patched	: Yes
    CVE		: CVE-2014-9618
    
    +---------------------+
    + Product Description +
    +---------------------+
    Netsweeper is a software solution specialized in content filtering.
    
    +----------------------+
    + Exploitation Details +
    +----------------------+
    Netsweeper's 4.0.8 (and probably other versions) Client Filter Admin portal can be reached at http://netsweeper/webadmin/clientlogin/ and a username/password combination is required to Add a Profile, by setting the "action" parameter to "showdeny" it will force the admin interface to load and subsequently allow any non-authenticated user to create a new profile.
    
    URL Path: http://netsweeper/webadmin/clientlogin/?srid=&action=showdeny&url=
    
    +----------+
    + Solution +
    +----------+
    Upgrade to latest version.
    
    +---------------------+
    + Disclosure Timeline +
    +---------------------+
    24-Nov-2014: Initial Communication
    03-Dec-2014: Netsweeper responded
    03-Dec-2014: Shared full details to replicate the issue
    10-Dec-2014: Netsweeper fixed the issue in releases 3.1.10, 4.0.9, 4.1.2
    17-Dec-2014: New releases 3.1.10, 4.0.9, 4.1.2 made available to the public
    18-Dec-2014: Confirm fix
    17-Jan-2015: CVE assigned CVE-2014-9618
    11-Aug-2015: Public disclosure