Home / exploitsPDF  

ManageEngine Password Manager Pro 8.1 SQL Injection

Posted on 01 July 2015

Title: ManageEngine Password Manager Pro SQL 8.1 Injection vulnerability Author: Blazej Adamczyk (br0x) Date: 2015-06-30 Download site: https://www.manageengine.com/products/passwordmanagerpro/download.html Version: 8.1 and below Vendor: https://www.manageengine.com/products/passwordmanagerpro/ Vendor Notified: 2015-06-30 Vendor Contact: passwordmanagerpro-support@manageengine.com Description: An authenticated user (even the guest user) is able to execute arbitrary SQL code using a forged request to the SQLAdvancedALSearchResult.cc. The SQL query is build manually and is not escaped properly in the AdvanceSearch.class of AdventNetPassTrix.jar. Details: The problem is with escaping the operator when more then one condition is specified in the advanced search. The broken url: https://localhost:7272/STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc?ANDOR=***HERE_INJECT***&condition_1=Ptrx_Resource@RESOURCENAME&operator_1=CONTAINS&value_1=asd&condition_2=Ptrx_Resource@RESOURCENAME&operator_2=CONTAINS&value_2=asd2&FLAG=TRUE&COUNT=2&USERID=***USERID***&ADVSEARCH=true&SUBREQUEST=XMLHTTP -- Regards, Blazej Adamczyk blazej.adamczyk@gmail.com PGP: 0x7423F7B7 (pgp.mit.edu) Fingerprint=CBAF 608A E20B 06F2 C172 A853 B70E 6F79 7423 F7B7

 

TOP