Title: ManageEngine Password Manager Pro SQL 8.1 Injection vulnerability Author: Blazej Adamczyk (br0x) Date: 2015-06-30 Download site: http://ift.tt/1C5DJr2 Version: 8.1 and below Vendor: http://ift.tt/1GKzMU4 Vendor Notified: 2015-06-30 Vendor Contact: passwordmanagerpro-support@manageengine.com Description: An authenticated user (even the guest user) is able to execute arbitrary SQL code using a forged request to the SQLAdvancedALSearchResult.cc. The SQL query is build manually and is not escaped properly in the AdvanceSearch.class of AdventNetPassTrix.jar. Details: The problem is with escaping the operator when more then one condition is specified in the advanced search. The broken url: https://localhost:7272/STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc?ANDOR=***HERE_INJECT***&condition_1=Ptrx_Resource@RESOURCENAME&operator_1=CONTAINS&value_1=asd&condition_2=Ptrx_Resource@RESOURCENAME&operator_2=CONTAINS&value_2=asd2&FLAG=TRUE&COUNT=2&USERID=***USERID***&ADVSEARCH=true&SUBREQUEST=XMLHTTP
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment