Posts Tagged SQL Injection

McAfee ePolicy Orchestrator 4.6.4 and earlier pre-authenticated SQL injection and directory path traversal vulnerabilities

Vulnerability Note VU#209131

Overview

McAfee ePolicy Orchestrator 4.6.4 and earlier contain pre-authenticated SQL injection and directory path traversal vulnerabilities, which could allow an attacker to inject malicious code into the system.

Description

McAfee ePolicy Orchestrator 4.6.4 and earlier contain the following pre-authenticated SQL injection and directory path traversal vulnerabilities:

1. Server-side pre-authenticated SQL injection within the Agent-Handler component (Agent-Server communication channel).
The attack is performed by registering a rogue Agent to the ePolicy Orchestrator server and sending a crafted HTTP request to the ePolicy Orchestrator server. Successful attacks allow remote attackers to retrieve sensitive information from the ePO database (such as administrative domain credentials), to create additional web console administrator accounts, and to perform remote code execution with SYSTEM privileges (CVE-2013-0140).

2. Server-side pre-authenticated directory path traversal within the file upload process.
The attack is performed by registering a rogue Agent to the ePolicy Orchestrator server and sending a crafted HTTP request to the ePolicy Orchestrator server. Successful attacks allow remote attackers to upload unrestricted file content. A typical scenario would be to store malicious files under the /Software/ folder, making them available for download from the ePolicy Orchestrator server (CVE-2013-0141).

Read the entire article here.


Advanced SQL Injection

My friend Pedro Claudio posted a link on my Facebook Wall about this presentation made by Bernardo D. A. Guimarães at the Black Hat Briefings Europe, Amsterdam in April 2009. I found it interesting and here is the slide presentation:


SQL Injection Hack using CAST from 1.verynx.cn

I found some interesting articles about this hacker attack using SQL injection and I’m aggregating them here. I got this custom tag from “Por que CF” (Why CF) written by Pedro Claudio (CF-Brasil), and here is its usage:
<cf_DisableSQLInjection> Block and log the results
<cf_DisableSQLInjection mailto="e-mail,e-mail,e-mail,e-mail"> Block, log and send e-mail
<cf_DisableSQLInjection mailto="e-mail,e-mail,e-mail,e-mail" mailfrom="mail"> Block, log and send e-mail
<cf_DisableSQLInjection mailto="e-mail" mailfrom="mail" title="Erro 404"> Block, log, and send e-mail with a title
<cf_DisableSQLInjection mailto="e-mail" mailfrom="mail" title="Erro 404" message="<h3>Erro 404 – page not found</h3>"> Block, log, and send an e-mail with a title and an HTML message

Download the custom tag here.

There is another excellent article with examples by Devit!.
