Date: Thu, 12 Sep 2013 21:11:54 +0530
From: YOGESH PHADTARE <yog4567@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Kwok Information Server Blind Sql Injection

##=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+##
||                                                                  ||
|| Exploit Title      : Kwok Information Server Blind Sql Injection ||
|| Vendor Homepage    : http://www.kwoksys.com/index.php            ||
|| Affected Version   : 2.7.3 & 2.8.4                               ||
|| Risk               : Medium                                      ||
|| Tested on          : Windows 7                                   ||
|| CVE-ID             : 2013-5028                                   ||
|| Exploit Author     : Yogesh Phadtare                             ||
||                      Secur-I Research Group                      ||
||                      http://securview.com/                       ||
##=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+##

==========================================================================================================

Product Description:

Kwok Information Server is an open source IT management system,
providing a single application for managing IT assets, software
licenses, contracts, issues, contacts. Additional modules include
portal, RSS, blogging. (from product home page)

==========================================================================================================

Vulnerability Description:

A blind SQL injection vulnerability has been detected in Kwok
Information Server. The application fails to sanitize user-supplied
input in the parameters "hardwareType", "hardwareStatus" and
"hardwareLocation" of page hardware-index.

The user must be authenticated to exploit this vulnerability.

This vulnerability was tested with Kwok Information Server 2.7.3 and
2.8.4. Other versions may also be affected.

===========================================================================================================

Impact:

Successful exploitation of this vulnerability will allow a remote
authenticated attacker to extract sensitive and confidential data
from the database.

===========================================================================================================

Proof of Concept:

1]
URL: http://10.10.75.59:8080/kwok/IT/hardware-list.dll?cmd=search&hardwareType=49[Inject Payload Here]

2]
URL: http://10.10.75.59:8080/kwok/IT/hardware-list.dll?cmd=search&hardwareStatus=0[Inject Payload Here]

3]
URL: http://10.10.75.59:8080/kwok/IT/hardware-list.dll?cmd=search&hardwareLocation=0[Inject Payload Here]


===========================================================================================================

Solution:

This vulnerability has been fixed in version 2.8.5 of Kwok Information Server.

===========================================================================================================

Disclosure Timeline:
~Vendor notification: 31st July
~Vendor response: 31st July
~Vendor released updates: 7th August
~Public disclosure: 12th September
===========================================================================================================


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
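
Added example (not part of the original advisory and not Kwok code): a log check for installations still running an affected version, flagging requests to hardware-list.dll where one of the three parameters named above carries anything other than an integer. The integer-only rule is an assumption drawn from the values in the proof-of-concept URLs, and the log lines are constructed samples in common access-log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory; the PoC URLs show them carrying integer IDs.
WATCHED = ("hardwareType", "hardwareStatus", "hardwareLocation")
# Assumption: legitimate values are plain non-negative integers (or empty).
VALID = re.compile(r"\d*")
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return {param: value} for watched parameters whose value is not an integer."""
    parts = urlsplit(url)
    if not parts.path.endswith("/IT/hardware-list.dll"):
        return {}
    # parse_qs percent-decodes values, so encoded input is checked in decoded form.
    query = parse_qs(parts.query, keep_blank_values=True)
    return {
        name: value
        for name in WATCHED
        for value in query.get(name, [])
        if not VALID.fullmatch(value)
    }

def scan(log_lines):
    """Return [(line_number, findings)] for lines with a non-integer watched value."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                findings.append((number, hits))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Sep/2013:10:00:01 +0000] "GET /kwok/IT/hardware-list.dll?cmd=search&hardwareType=49 HTTP/1.1" 200 5120',
    '10.0.0.7 - bob [12/Sep/2013:10:00:09 +0000] "GET /kwok/IT/hardware-list.dll?cmd=search&hardwareStatus=0%27 HTTP/1.1" 200 5120',
    '10.0.0.7 - bob [12/Sep/2013:10:00:12 +0000] "GET /kwok/IT/hardware-list.dll?cmd=search&hardwareLocation=49+AND+1%3D1 HTTP/1.1" 200 4980',
    '10.0.0.5 - alice [12/Sep/2013:10:00:20 +0000] "GET /kwok/other/page.dll?hardwareType=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer value in {hits}")
```

Access logs record only the query string, so values sent in a POST body are not covered by this check.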
