lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <565304D4.5080101@sba-research.org>
Date: Mon, 23 Nov 2015 13:21:40 +0100
From: SBA Research Advisory <advisory@...-research.org>
To: <fulldisclosure@...lists.org>
Subject: [FD] : CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin

### RXTEC_20150513 #### Title: SQL injection vulnerability in the RXTEC RXAdmin Login Page  allows remote attackers to execute arbitrary SQL commands via several HTTP parameter.
#### Type of vulnerability: SQL injection
##### Attack outcome: It is possible to extract all information from the database in use by the application.
Depending on the configuration of the SQL server arbitrary code execution might be possible.
#### Impact: Critical
#### Software/Product name: RXTEC RXAdmin Login 
#### Affected versions: UPDATE : 06 / 2012
#### Fixed in version: *unknown* #### Vendor: RXTEC (www.rxtec.net)
#### CVE number: CVE-2015-8298
#### Timeline * `2015-04-30` identification of vulnerability 
* `2015-05-11` vendor contact (won't fix because of outdated version)
* `2015-07-14` contact cve-request@...re.

#### Credits: Thomas Konrad `tkonrad@...-research.org` (SBA Research)  
 
#### Description: The following parameters are affectey by the vulnerability:

* /index.htm (loginpassword parameter)
* /index.htm (loginusername parameter)
* /index.htm (zusätzlicher parameter)
* /index.htm (zusätzlicher parameter)
* /index.htm (rxtec cookie)
* /index.htm (groupid parameter)

#### Proof-of-concept: *none*


Download attachment "0x58F775B2.asc" of type "application/pgp-keys" (3499 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ