Message-Id: <201510131202.t9DC2TNI015093@sf01web3.securityfocus.com>
Date: Tue, 13 Oct 2015 12:02:29 GMT
From: wissam.bashour@...pag.com
To: bugtraq@...urityfocus.com
Subject: Boolean-based SQL injection Vulnerability in K2 Platforms

Title: Boolean-based SQL injection Vulnerability in K2 Platforms.
Author: Wissam Bashour - Help AG Middle East
Vendor: K2
Product: SmartForms, BlackPearl, K2 for SharePoint
Version: 4.6.7
Tested Version: Version 4.6.7
Severity: HIGH
CVE Reference: CVE-2015-7299

# About the Product: K2 smartforms can pull and push information from line-of-business systems — SharePoint, CRM, SAP and others — and they can be used in the cloud with applications like Salesforce.com. The built-in K2 SmartObject technology allows true reusability of SmartForms components across multiple SmartForms, in multiple applications.


# Description: 
This Boolean-based SQL injection vulnerability enables an anonymous attacker to read sensitive data from the database, and recover the content of a given file present on the DBMS file system.
 
# Vulnerability Class: 
SQL injection - https://www.owasp.org/index.php/SQL_Injection

# How to Reproduce (PoC):
Host the attached code on a web server, then examine the xml parameter that calls AJAXCall.ashx in the SmartObject for SharePoint.
You can see that the parameter does not sanitize SQL queries.
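As an added defensive example (not part of the advisory or of K2's code): a small Python scanner that flags requests to AJAXCall.ashx whose decoded xml parameter carries a boolean-style SQL condition, run over constructed IIS-style log lines. The directory before AJAXCall.ashx and the log field layout are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C-style log lines (sample data, not from the advisory).
# Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status
# The "/placeholder" directory before AJAXCall.ashx is an assumed path.
SAMPLE_LOG = """\
2015-10-13 12:00:01 10.0.0.5 GET /placeholder/AJAXCall.ashx xml=%3Cid%3E42%3C%2Fid%3E 203.0.113.7 200
2015-10-13 12:00:02 10.0.0.5 GET /placeholder/AJAXCall.ashx xml=%3Cid%3E42%27+AND+1%3D1--%3C%2Fid%3E 203.0.113.7 200
2015-10-13 12:00:03 10.0.0.5 GET /placeholder/AJAXCall.ashx xml=%3Cid%3E42%27+AND+1%3D2--%3C%2Fid%3E 203.0.113.7 200
2015-10-13 12:00:04 10.0.0.5 GET /placeholder/Other.ashx xml=%3Cid%3E42%27+AND+1%3D1--%3C%2Fid%3E 203.0.113.9 200
2015-10-13 12:00:05 10.0.0.5 GET /placeholder/AJAXCall.ashx xml=%3Cid%3EO%27Brien%3C%2Fid%3E 203.0.113.8 200
"""

# A quote closing a string literal followed by AND/OR and a comparison: the
# shape of a boolean-based (blind) injection probe. Case-insensitive.
BOOLEAN_SQLI = re.compile(r"'\s*(?:and|or)\s+[\w']+\s*(?:=|<>|!=|like)\s*[\w']+", re.I)

def parse_line(line):
    """Split one W3C log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 8:
        return None
    date, time, _server, method, stem, query, client, status = parts
    return {"time": f"{date} {time}", "method": method, "stem": stem,
            "query": query, "client": client, "status": int(status)}

def xml_param(query):
    """Return the decoded 'xml' query parameter, or None if absent."""
    # parse_qs undoes percent-encoding and '+' so the regex sees real quotes
    return parse_qs(query, keep_blank_values=True).get("xml", [None])[0]

def is_suspicious(entry):
    """True for AJAXCall.ashx requests whose xml parameter carries a boolean probe."""
    if not entry["stem"].lower().endswith("/ajaxcall.ashx"):
        return False
    xml = xml_param(entry["query"])
    return bool(xml and BOOLEAN_SQLI.search(xml))

def scan(log_text):
    """Return the suspicious entries in a log, in file order."""
    entries = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [e for e in entries if e and is_suspicious(e)]

def hits_per_client(log_text):
    """Count suspicious requests per client IP; blind probing shows up as repeated hits from one source."""
    counts = {}
    for e in scan(log_text):
        counts[e["client"]] = counts.get(e["client"], 0) + 1
    return counts
```

A legitimate apostrophe (the O'Brien line) is not flagged because no AND/OR comparison follows the quote, and the same probe against another handler is ignored so the rule stays scoped to the affected endpoint.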

# Disclosure: 
Discovered: September 20, 2015
Vendor Notification: September 22, 2015
Advisory Publication: October 13, 2015
Public Disclosure: October 15, 2015

# Solution: 
Upgrading to 4.6.10 or later fixes this issue.
The new version number is 4.6.10 (4.12060.1690.2).
Release date: June 2015

# Credits:
Wissam Bashour
Associate Security Analyst
Help AG Middle East

# Proof of Concept Code:
https://raw.githubusercontent.com/Siros96/Boolean-SQL-injection/master/PoC

# References:
[1] Help AG Middle East - http://www.helpag.com/
[2] http://www.k2.com/
[3] https://www.owasp.org/index.php/SQL_Injection
[4] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
