# Security Advisory -- Multiple Vulnerabilities - MuM Map Edit

## Product

Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH
Product: MapEdit
Affected software version: 3.2.6.0

MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and regional governmental infrastructures to provide geodata to the population. It consists of a Silverlight client and a C#/.NET backend. The communication between them is HTTP/S based and involves NBFS (.NET Binary Format SOAP).

Link: http://ift.tt/2cYwD1k

## Status/Metrics/Identifier

CVE-ID: tbd
CVSS v2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Score: 9.0

The CVSS score reflects the possibility of an attacker to upload web shells and execute them with the privileges of the web server user.

## Author/Credits

Paul Baade (TÜV Rheinland i-sec GmbH)
Sven Krewitt (TÜV Rheinland i-sec GmbH)

## Fixed Versions

According to MuM, all described vulnerabilities are fixed in version 6.2.74; some of them are reportedly already fixed in version 5.1.

## Authentication via GET Parameter

The application requires users to provide their credentials via GET parameters. They can therefore possibly be found in server logs or proxy logs. An example URL would be:

    /Mum.Geo.Services/Start.aspx?AutoUrl=1&Username=TEST&Password=TEST[...]

## Execution of arbitrary SQL commands on contained SQLite DBs

The application contains several SQLite databases. An authenticated user may send POST requests to the URL /Mum.Geo.Services/DataAccessService.svc. This service is used to execute SQL queries on the databases. The content of the POST request is encoded in Microsoft's NBFS (.NET Binary Format SOAP) and can be decoded to the following XML data:

Request:
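The GET-parameter authentication finding above means credentials end up in web server and proxy access logs. The following script is an added example (not part of the advisory and not MuM code) that an operator could run over existing access logs to find where credentials have already been recorded and to redact them before the logs are retained or shared. It assumes Common Log Format lines; the log lines, hostnames and credential values below are constructed for the example, and the set of sensitive parameter names is an assumption beyond the `Username`/`Password` names shown in the advisory.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names that must never appear in a query string (matched
# case-insensitively). Username/Password come from the advisory's example URL;
# the remaining names are assumed common spellings a deployment might use.
SENSITIVE_PARAMS = {"username", "password", "passwd", "pwd", "token"}

# Common Log Format: host ident authuser [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def redact_query(path):
    """Return (redacted_path, leaked_parameter_names) for one request path.

    Sensitive values are replaced with '[REDACTED]' so the log entry can be
    kept for forensic purposes without retaining the credential itself.
    """
    parts = urlsplit(path)
    leaked = []
    safe_pairs = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            leaked.append(name)
            safe_pairs.append((name, "[REDACTED]"))
        else:
            safe_pairs.append((name, value))
    # safe="[]" keeps the marker readable instead of percent-encoding it.
    redacted = urlunsplit(parts._replace(query=urlencode(safe_pairs, safe="[]")))
    return redacted, leaked


def scan_access_log(lines):
    """Flag requests whose query string carried credentials.

    Returns one dict per affected request: client host, timestamp, method,
    the leaked parameter names and the redacted request path.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        redacted, leaked = redact_query(m.group("path"))
        if leaked:
            findings.append({
                "host": m.group("host"),
                "time": m.group("time"),
                "method": m.group("method"),
                "leaked": leaked,
                "path": redacted,
            })
    return findings


# Constructed sample log lines (not taken from the advisory or any real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2016:13:55:36 +0200] "GET /Mum.Geo.Services/Start.aspx'
    '?AutoUrl=1&Username=alice&Password=s3cret HTTP/1.1" 200 5120',
    '10.0.0.7 - - [10/Oct/2016:13:56:01 +0200] "GET /Mum.Geo.Services/Start.aspx'
    '?AutoUrl=1 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [10/Oct/2016:13:57:12 +0200] "POST /Mum.Geo.Services/'
    'DataAccessService.svc HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['time']} {f['host']} leaked {', '.join(f['leaked'])} "
              f"via {f['method']} {f['path']}")
```

Only the first sample line is reported, because only it carries `Username` and `Password` in the query string; the redacted path it returns is safe to keep in an incident record. The same `redact_query` function can be applied to proxy logs or SIEM exports, which is where the advisory notes these credentials may also surface.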