SalesLogix slxweb.dll/view id Parameter SQL Injection

2004-10-18T09:05:30
ID OSVDB:10945
Type osvdb
Reporter Carl Livitt (carl@agenda-security.co.uk)
Modified 2004-10-18T09:05:30

Description

Vulnerability Description

SalesLogix contains a flaw that allows an attacker to inject arbitrary SQL code. The "id" variable in the slxweb.dll module is not properly verified, which allows an attacker to inject or manipulate SQL queries. Database table and field names may also be disclosed, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, SalesLogix has released a patch to address this vulnerability.

Manual Testing Notes

http://[victim]/scripts/slxweb.dll/view?name=coninfo&id='xyzzy'xyzzy
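
A detection check for web server access logs, added here as an example and not part of the original advisory: it flags requests to the slxweb.dll/view handler whose "id" value contains anything outside an allowlist. The alphanumeric allowlist, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Handler path taken from the advisory's test URL.
VIEW_PATH = "/scripts/slxweb.dll/view"
# Assumption: legitimate id values are alphanumeric; adjust to your deployment.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]*")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_ids(url):
    """Return decoded id values in url that fail the allowlist."""
    parts = urlsplit(url)
    if not parts.path.lower().startswith(VIEW_PATH):
        return []
    bad = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != "id":
            continue
        # parse_qsl decodes once; decode again to catch double encoding (%2527).
        decoded = unquote(value)
        if not SAFE_ID.fullmatch(decoded):
            bad.append(decoded)
    return bad

def scan(lines):
    """Return (line_number, offending ids) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        bad = suspicious_ids(match.group(1)) if match else []
        if bad:
            hits.append((number, bad))
    return hits

# Constructed sample lines (documentation addresses, made-up record id).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Oct/2004:09:01:12 +0000] "GET /scripts/slxweb.dll/view?name=coninfo&id=C0000012 HTTP/1.1" 200 5120
192.0.2.44 - - [18/Oct/2004:09:02:40 +0000] "GET /scripts/slxweb.dll/view?name=coninfo&id='xyzzy'xyzzy HTTP/1.1" 500 812
192.0.2.44 - - [18/Oct/2004:09:02:51 +0000] "GET /Scripts/SLXWeb.dll/view?name=coninfo&ID=%2527xyzzy HTTP/1.1" 500 812
192.0.2.77 - - [18/Oct/2004:09:03:05 +0000] "GET /index.html?id='x HTTP/1.1" 200 300
""".splitlines()

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious id value(s) {bad}")
```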

References:

Vendor URL: http://www.saleslogix.com
Vendor Specific Solution URL: http://support.saleslogix.com
Security Tracker: 1011769
Secunia Advisory ID: 12883
Related OSVDB ID: 10946
Related OSVDB ID: 10949
Related OSVDB ID: 10942
Related OSVDB ID: 10943
Related OSVDB ID: 10947
Related OSVDB ID: 10948
Related OSVDB ID: 10944
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html
Keyword: Agenda-Security-Saleslogix-1-2004
CVE-2004-1608