
Pearson eSIS Enterprise Student Information System SQL Injection



Advisory ID: hag201478
Product: Pearson eSIS Enterprise Student Information System
Vendor: PearsonVue
Vulnerable Version(s): Any version
Advisory Publication: April 06, 2014
Vendor Notification: March 05, 2014
Public Disclosure: April 06, 2014
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command [CWE-89]
CVE Reference: CVE-2014-1455
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution not yet released
Discovered and Provided: Ali Hussein and Tudor Enache from Help AG Middle East

------------------------------------------------------------------------

-----------------------

About the vendor:
Pearson VUE provides a full suite of services from test development to data 
management, and delivers exams through the world's most comprehensive and 
secure network of test centers in 175 countries. Pearson VUE is a business of 
Pearson (NYSE: PSO; LSE: PSON), the world's leading learning company.

Advisory Details:

During a penetration test, Help AG discovered the following:
SQL injection in the password reset function. The unsanitized new password was 
inserted into an 'ALTER USER' statement. We were able to lock/unlock the 
current user, grant database level roles and guess tablespaces and users by 
creating custom SQL commands.

1) SQL Injection in Pearson eSIS Enterprise Student Information System password 
reset: CVE-2014-1455

To reproduce the issue, any user can access the password reset functionality, 
intercept the request with a local HTTP proxy and change the new password to 
any payload that is suitable in an ALTER USER Oracle statement.

Using the above technique, an attacker could lock/unlock the current account, 
guess proxy users, tablespaces, users and roles, and alter the authentication 
type of the current user.
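As an added illustration (not the vendor's code, and assuming a Python application layer that builds the Oracle statement), the concatenation pattern described above is shown beside a validated, quoted form. Oracle DDL such as ALTER USER does not accept bind variables, so the password must be turned into a single quoted literal and both inputs validated; the identifier rule and length policy are assumptions for this example.

```python
import re

# Assumed allowlist for an unquoted, upper-case Oracle identifier (max 30 chars).
IDENTIFIER_RE = re.compile(r"^[A-Z][A-Z0-9_$#]{0,29}$")
# Assumed password policy for this example.
MIN_PASSWORD_LEN, MAX_PASSWORD_LEN = 8, 30


class RejectedInput(ValueError):
    """Raised when an input would not be safe to place in the statement."""


def vulnerable_alter_user(username: str, new_password: str) -> str:
    """The pattern the advisory describes: the new password is concatenated
    into the DDL without quoting or validation, so whitespace in the value
    turns the rest of it into further tokens of the ALTER USER statement."""
    return f"ALTER USER {username} IDENTIFIED BY {new_password}"


def hardened_alter_user(username: str, new_password: str) -> str:
    """Validate both inputs, then emit the password as a double-quoted literal.

    Oracle does not allow a double quote inside a password even when the
    password is quoted, so that character is rejected rather than escaped.
    """
    if not IDENTIFIER_RE.fullmatch(username):
        raise RejectedInput("username is not a plain upper-case Oracle identifier")
    if not (MIN_PASSWORD_LEN <= len(new_password) <= MAX_PASSWORD_LEN):
        raise RejectedInput("password length is outside policy")
    if '"' in new_password or not new_password.isprintable():
        raise RejectedInput("password contains a disallowed character")
    # Inside the double quotes the whole value is one literal: a space or a
    # keyword in it can no longer terminate or extend the statement.
    return f'ALTER USER {username} IDENTIFIED BY "{new_password}"'


def is_rejected(username: str, new_password: str) -> bool:
    """Helper for checks: True if the hardened builder refuses the inputs."""
    try:
        hardened_alter_user(username, new_password)
    except RejectedInput:
        return True
    return False
```

A stronger design is to not map application users onto database accounts at all, so that no user-supplied value ever reaches an ALTER USER statement.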

--------------------------------------------------

-----------------------

Solution:

The vendor was notified; contact the vendor for patch details.

------------------------------------------------------------------------

-----------------------

References:

[1] Help AG Middle East - http://www.helpag.com/
[2] Pearson eSIS - http://www.pearsonschoolsystems.com/products/esis/
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - 
international in scope and free for public use, CVE® is a dictionary of 
publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to 
developers and security practitioners, CWE is a formal list of software 
weakness types.

------------------------------------------------------------------------

-----------------------

Disclaimer: The information provided in this Advisory is provided "as is" and 
without any warranty of any kind. Details of this Advisory may be updated in 
order to provide as accurate information as possible.