| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Apr 8 20:25:47 2005
From: famato at infobyte.com.ar (Francisco Amato)
Subject: [ISR] - SiteProtector Console Sql-Injection
||
|| [ISR]
|| Infobyte Security Research
|| www.infobyte.com.ar
|| 04.08.2005
||
.:: SUMMARY
ISS - SiteProtector Console Sql-Injection
Version: 2.0.5.690, It is suspected that all previous versions of
SiteProtector Console
are vulnerable.
.:: BACKGROUND
SiteProtector is a security management system that provides a centralized
view and analysis of network,
server, and desktop protection agents and appliances.
http://www.iss.com
.:: DESCRIPTION
A Sql-injection vulnerability affect SiteProtector Console
This issue is due to a failure of the application to securely copy
user-supplied data into
fields "Tag Name" and "Object Name" of Incidents/Exception that user create
or modify.
Simple string use: "'"
Error that display when it make the injection:
######################BEGIN############################
A Database or SQL Error occurred while working with Site Rules.
net.iss.rssp.gui.site.analysis.exceptions.CommonSiteRuleException
at
net.iss.rssp.gui.site.analysis.AnalysisDataManager.throwCommonSiteRuleExcept
ion(AnalysisDataManager.java:442)
at
net.iss.rssp.gui.site.analysis.AnalysisDataManager.createSiteFilter(Analysis
DataManager.java:350)
at
net.iss.rssp.gui.site.analysis.command.AddEditSiteRuleCommand.execute(AddEdi
tSiteRuleCommand.java:48)
at
net.iss.command.CommandTemplate.templateExecute(CommandTemplate.java:179)
at net.iss.command.CommandHandler.executeCommand(CommandHandler.java:148)
at net.iss.command.CommandHandler.run(CommandHandler.java:116)
A database error occurred in the method "createNewSiteRule".
net.iss.rssp.entity.exceptions.SiteRuleException
at
net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:
357)
at
net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBroke
rImpl.java:211)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.jav
a:22)
at
net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java
:114)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Database Error
SQL State = 42000
Vendor code = 105
Vendor msg = [42000][Microsoft][ODBC SQL Server Driver][SQL
Server]Unclosed quotation mark before the character
string '')
AND NOT EXISTS (SELECT 1
FROM ObservanceSiteFilters OSF WITH (NOLOCK)
WHERE OSF.ObservanceID = OB.ObservanceID
AND OSF.SiteFilterRuleID = 853)'.
net.iss.rssp.db.DataAccessException
at
net.iss.rssp.server.database.DatabaseObjectHandlerBase.handleSQLException(Da
tabaseObjectHandlerBase.java:75)
at
net.iss.rssp.server.database.SiteFilterHandler.write(SiteFilterHandler.java:
134)
at
net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:
348)
at
net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBroke
rImpl.java:211)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.jav
a:22)
at
net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java
:114)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Error Inserting into table ObservanceSiteFilters Code: 52000 DB Key: 0
java.sql.SQLException: [42000][Microsoft][ODBC SQL Server Driver][SQL
Server]Unclosed quotation mark before the
character string '')
AND NOT EXISTS (SELECT 1
FROM ObservanceSiteFilters OSF WITH (NOLOCK)
WHERE OSF.ObservanceID = OB.ObservanceID
AND OSF.SiteFilterRuleID = 853)'.
at ids.sql.IDSSocket.error(IDSSocket.java:325)
at ids.sql.IDSSocket.verify(IDSSocket.java:270)
at ids.sql.IDSPrepared.execute(IDSPrepared.java:578)
at ids.sql.IDSPrepared.execute(IDSPrepared.java:559)
at
net.iss.rssp.server.database.SiteFilterHandler.write(SiteFilterHandler.java:
103)
at
net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:
348)
at
net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBroke
rImpl.java:211)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.jav
a:22)
at
net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java
:114)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
java.sql.SQLException: [42000][Microsoft][ODBC SQL Server Driver][SQL
Server]Unclosed quotation mark before the
character string '')
AND NOT EXISTS (SELECT 1
FROM ObservanceSiteFilters OSF WITH (NOLOCK)
WHERE OSF.ObservanceID = OB.ObservanceID
AND OSF.SiteFilterRuleID = 853)'.
at ids.sql.IDSSocket.error(IDSSocket.java:325)
at ids.sql.IDSSocket.verify(IDSSocket.java:270)
at ids.sql.IDSPrepared.execute(IDSPrepared.java:578)
at ids.sql.IDSPrepared.execute(IDSPrepared.java:559)
at
net.iss.rssp.server.database.SiteFilterHandler.write(SiteFilterHandler.java:
103)
at
net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:
348)
at
net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBroke
rImpl.java:211)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.jav
a:22)
at
net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java
:114)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
java.sql.SQLException: [42000][Microsoft][ODBC SQL Server Driver][SQL
Server]Line 10: Incorrect syntax near '')
AND NOT EXISTS (SELECT 1
FROM ObservanceSiteFilters OSF WITH (NOLOCK)
WHERE OSF.ObservanceID = OB.ObservanceID
AND O'.
at ids.sql.IDSSocket.error(IDSSocket.java:325)
at ids.sql.IDSSocket.verify(IDSSocket.java:270)
at ids.sql.IDSPrepared.execute(IDSPrepared.java:578)
at ids.sql.IDSPrepared.execute(IDSPrepared.java:559)
at
net.iss.rssp.server.database.SiteFilterHandler.write(SiteFilterHandler.java:
103)
at
net.iss.rssp.server.AnalysisManager.addExceptionFilter(AnalysisManager.java:
348)
at
net.iss.rssp.remote.impl.AnalysisBrokerImpl.addExceptionFilter(AnalysisBroke
rImpl.java:211)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
net.iss.rssp.security.server.SecureAdaptorAction.run(SecureAdaptorAction.jav
a:22)
at
net.iss.rssp.security.server.SecureAdaptorImpl.invoke(SecureAdaptorImpl.java
:114)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
#######################END#############################
.:: EXTRA
We did not find any way to perform any unautorized actions or gain
additional privileges
.:: DISCLOSURE TIMELINE
04/01/2005 Initial vendor notification
04/06/2005 Initial vendor response
04/08/2005 Public disclosure
.:: CREDIT
Francisco Amato is credited with discovering this vulnerability.
famato][at][infobyte][dot][com][dot][ar
.:: LEGAL NOTICES
Copyright (c) 2005 by [ISR] Infobyte Security Research.
Permission to redistribute this alert electronically is granted as long as
it is not
edited in any way unless authorized by Infobyte Security Research Response.
Reprinting the whole or part of this alert in any medium other than
electronically
requires permission from infobyte com ar
Disclaimer
The information in the advisory is believed to be accurate at the time of
publishing
based on currently available information. Use of the information constitutes
acceptance
for use in an AS IS condition. There are no warranties with regard to this
information.
Neither the author nor the publisher accepts any liability for any direct,
indirect, or
consequential loss or damage arising from use of, or reliance on, this
information.
Powered by blists - more mailing lists