======================
Kerio Control <= 8.3.1 Boolean-based blind SQL Injection
Primary Informations:
======================
Product Name: Kerio Control
Software Description: Kerio Control brings together multiple capabilities
including a network firewall and router, intrusion detection and
prevention (IPS), gateway anti-virus, VPN and content filtering. These
comprehensive capabilities and unmatched deployment flexibility make
Kerio Control the ideal choice for small and mid-sized businesses.
Affected Version: Latest Version - 8.3.1 (released on 2014-05-20)
Vendor Website: http://kerio.com
Vulnerability Type: Boolean-based blind SQL Injection
Severity Level: Very High
Exploitation Technique: Remote
CVE-ID: CVE-2014-3857
Discovered By: Khashayar Fereidani
Main Reference: http://fereidani.com/articles/
Researcher's Websites: http://fereidani.com http://fereidani.ir
http://und3rfl0w.com http://ircrash.com
Researcher's Email: info [ a t ] fereidani [ d o t ] com
Technical Details:
=======================
Kerio Control suffers from a SQL Injection Vulnerability which can lead to gain users
sensitive informations like passwords , to use this vulnerability attacker need a
valid client username and password .
Vulnerable path: /print.php
Vulnerable variables: x_16 and x_17
HTTP Method: GET
Proof Of Concept:
=======================
Blind Test:
TRUE: https://[SERVER IP]:4081/print.php?x_w=
FALSE: https://[SERVER IP]:4081/print.php?x_w=
Solution:
========================
Valid escaping variables or type checking for integer
Exploit:
========================
Private
Vulnerability Disclosure Timeline:
==============================
May 30 2014 - Disclosure
May 31 2014 - Received a CVE ID
May 31 2014 - Initial Report to Kerio Security Team
June 3 2014 - Support team replied fix is planned to be included in a future release
June 30 2014 - Patched
July 1 2014 - Publication
Komentarų nėra:
Rašyti komentarą