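Procentia IntelliPen /Resources/System/Templates/Data.aspx script "value" parameter S
Published: 2014-03-12
Updated: 2014-03-14
Affected systems: Procentia IntelliPen 1.1.12.1520
Description:
CVE(CAN) ID:
CVE-2014-2043
Procentia IntelliPen is a pension administration solution.
The /Resources/System/Templates/Data.aspx script in Procentia IntelliPen does not properly filter the value of the 'value' parameter, which results in a SQL injection vulnerability in its implementation. An authenticated remote attacker can exploit this vulnerability to manipulate SQL queries against the back-end database.
<*Source: Jerzy Kramarz
Link:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2043/
*>
Test method:
Warning
The following procedure (method) may be offensive in nature and is provided for security research and teaching purposes only. Use it at your own risk!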
CVE: CVE-2014-2043
Vendor: Procentia
Product: IntelliPen
Affected version: 1.1.12.1520
Fixed version: 1.1.18.1658
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database.
The following URL and parameters have been confirmed to suffer from Blind SQL injection.
http[s]://<host>/Resources/System/Templates/Data.aspx?DocID=1&field=JobID&value=1<SQL INJECTION>&JobID=1&ParentDocID=1694&InTab=1&ParentKey=JobNumber&NoStore=1&Popup=1
This vulnerability exists because the ‘value’ variable is not sanitised before it is used as part of an SQL query to retrieve specific job information.
Impact:
An attacker would be able to exfiltrate the database, user credentials and, in certain setups, access the underlying operating system.
Exploit:
Exploit code is not required.
Vendor status:
07/01/2014 Advisory created
16/01/2014 Vendor contacted
21/02/2014 CVE obtained
07/03/2014 Published
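Recommendation:
Vendor patch:
Procentia
---------
The vendor has released an upgrade patch to fix this security issue. Please download it from the vendor's home page: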
https://www.portcullis-security.com
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2043/
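Detection example (added here, not part of the original advisory or of the vendor's code): a log review that flags requests to the Data.aspx script whose 'value' parameter is not a plain integer, for sites that still need to check an unpatched 1.1.12.1520 installation for past abuse. It assumes IIS W3C logs with a `#Fields:` header and that `field=JobID` takes an integer `value`, as in the advisory's URL; the log lines and the names `suspicious_requests`, `INT_FIELDS` and `SAMPLE_LOG` are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

TARGET = "/resources/system/templates/data.aspx"  # script named in the advisory
INT_FIELDS = {"jobid"}   # assumption: these 'field' names take integer values
INT_RE = re.compile(r"[0-9]+")

# Constructed IIS W3C log sample (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2014-03-01 10:00:01 GET /Resources/System/Templates/Data.aspx DocID=1&field=JobID&value=1&JobID=1 alice 10.0.0.5 200
2014-03-01 10:00:07 GET /Resources/System/Templates/Data.aspx DocID=1&field=JobID&value=1%27&JobID=1 bob 10.0.0.9 500
2014-03-01 10:00:09 GET /Resources/System/Templates/Data.aspx DocID=1&field=JobID&value=1+AND+1%3D1&JobID=1 bob 10.0.0.9 200
2014-03-01 10:00:12 GET /Default.aspx - alice 10.0.0.5 200
"""


def suspicious_requests(log_text):
    """Return (timestamp, user, client IP, decoded value) for each request to
    the Data.aspx script whose 'value' is not a plain integer."""
    columns, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            columns = line.split()[1:]      # column order is declared per file
            continue
        parts = line.split(" ")
        if line.startswith("#") or not columns or len(parts) != len(columns):
            continue
        row = dict(zip(columns, parts))
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        # ASP.NET treats query-string keys case-insensitively, so normalise them.
        pairs = [(k.lower(), v) for k, v in
                 parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True)]
        if not {v.lower() for k, v in pairs if k == "field"} & INT_FIELDS:
            continue
        for key, val in pairs:
            if key == "value" and not INT_RE.fullmatch(val):
                hits.append((f"{row.get('date')} {row.get('time')}",
                             row.get("cs-username"), row.get("c-ip"), val))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Because the flaw is only reachable after login, the `cs-username` column identifies which account issued each flagged request; a 200 status does not rule out a blind injection attempt.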