ManageEngine Password Manager Pro version 8.1 suffers from a remote SQL injection vulnerability.
e94365f40db69e762b193722e944c13b07b2ec92c6cd28f2760357708be97129Title: ManageEngine Password Manager Pro SQL 8.1 Injection vulnerability
Author: Blazej Adamczyk (br0x)
Date: 2015-06-30
Download site: https://www.manageengine.com/products/passwordmanagerpro/download.html
Version: 8.1 and below
Vendor: https://www.manageengine.com/products/passwordmanagerpro/
Vendor Notified: 2015-06-30
Vendor Contact: passwordmanagerpro-support@manageengine.com
Description:
An authenticated user (even the guest user) is able to execute arbitrary SQL code using a forged request to the SQLAdvancedALSearchResult.cc.
The SQL query is build manually and is not escaped properly in the AdvanceSearch.class of AdventNetPassTrix.jar.
Details:
The problem is with escaping the operator when more then one condition is specified in the advanced search. The broken url:
https://localhost:7272/STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc?ANDOR=***HERE_INJECT***&condition_1=Ptrx_Resource@RESOURCENAME&operator_1=CONTAINS&value_1=asd&condition_2=Ptrx_Resource@RESOURCENAME&operator_2=CONTAINS&value_2=asd2&FLAG=TRUE&COUNT=2&USERID=***USERID***&ADVSEARCH=true&SUBREQUEST=XMLHTTP
--
Regards,
Blazej Adamczyk
blazej.adamczyk@gmail.com
PGP: 0x7423F7B7 (pgp.mit.edu)
Fingerprint=CBAF 608A E20B 06F2 C172 A853 B70E 6F79 7423 F7B7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed