SQL Injection in ManageEngine Applications Manager 13

This morning I decided to start a new "challenge" related to webapp pentesting. That's how I found the latest version of ManageEngine Applications Manager. (You can grab a copy here.) Below you will find some 'results'...

TL;DR - Below you will find some details about an SQL Injection bug I found in the admin's panel.

The idea was simple: coffee + Burp + Sunday 5:00AM ;]

The grabbed request to the webapp looks like this:

To 'verify' the bug I used sqlmap, see below:

"Unfortunately" ;] the bug is accessible only to 'logged in' user(s) but maybe later I will find something else...

As far as I know, running this request (like sqlmap -r asd --sql-shell) should work as well.

In case of any questions/feedback/comments - feel free to find me @twitter.

*Update (9:22)*
Another SQLi bug - this time when you access the page:

Here you will find full request. Enjoy. ;]

*Update (9:34)*

Looks like a 3rd one. Well... :]

*Update (19:44)*
According to CVE Mitre we can target this vulnerability now as CVE-2017-16542 (and CVE-2017-16543).


