Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormYoroiPACKETSTORM:142505
HistoryMay 15, 2017 - 12:00 a.m.

INFOR EAM 11.0 Build 201410 SQL Injection

2017-05-1500:00:00
Yoroi
packetstormsecurity.com
20

0.001 Low

EPSS

Percentile

44.2%

JSON
`SQL injection in INFOR EAM V11.0 Build 201410 search fields (web/base/..)   
via filtervalue parameter  
-------------------  
Assigned CVE: CVE-2017-7952  
  
Reproduction steps:  
-------------------  
1. Log in with your EAM account  
2. Go to any page with a search or filter field in it (for example   
web/base/WSJOBS.xmlhttp)   
3. Make any search and intercept the request with a proxy   
4. In the intercepted request, replace the value of "filteroperator"   
parameter with IN.  
5. The "filtervalue" become vulnerable to SQL Injection  
  
Example:  
-------------------  
URL:http://<EAM_IP>/web/base/WSJOBS.xmlhttp  
POST DATA:   
GRID_ID=<ID>&GRID_NAME=WSJOBS&DATASPY_ID=<ID>&USER_FUNCTION_NAME=WSJOBS&SYSTEM_FUNCTION_NAME=WSJOBS&CURRENT_TAB_NAME=LST&COMPONENT_INFO_TYPE=DATA_ONLY&filterfields=<field>&filteroperator=IN&filtervalue=<injection   
point>  
  
Exploitability  
-------------------  
Since the SQL injection vulnerability is available for any logged users, an   
attacker needs a valid credential to exploit that vulnerability. By   
exploiting that SQL Injection the attacker could obtain any available data   
(even if they donat belongs directly to him), eventually deleting and   
replacing data as well.  
  
Impact  
-------------------  
This vulnerability allows full database access. It includes sensitive   
information that normally should be accessed by specific users.  
An attacker could dump the user table, which contains usernames and   
password hashes, and proceed to bruteforcing passwords offline and could   
possibly obtain administrative credentials, or could access private files   
or personal details such as: telephone numbers, physical address and   
private assets.  
Obtaining administrative credentials would allow an attacker to perform   
actions like: add or deleting users, jobs, and everything else an admin can   
do.  
By having access to sensible information the attacker could eventually   
pivoting them to perform further attacks on different target assets.  
  
Disclosure timeline  
-------------------  
  
26.04.2017 Vulnerability reported to vendor  
15.05.2017 Advisory published  
  
  
`

Related

zdt 1
prion 1
nvd 1
cvelist 1
cve 1
exploitpack 1
exploitdb 1
zdt
zdt
INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection Vulnerability
2017-05-17 00:00:00
prion
prion
Sql injection
2017-05-16 10:29:00
nvd
nvd
CVE-2017-7952
2017-05-16 10:29:00
cvelist
cvelist
CVE-2017-7952
2017-05-16 10:00:00
cve
cve
CVE-2017-7952
2017-05-16 10:29:00
exploitpack
exploitpack
INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection
2017-05-17 00:00:00
exploitdb
exploitdb
INFOR EAM 11.0 Build 201410 - &#039;filtervalue&#039; SQL Injection
2017-05-17 00:00:00

0.001 Low

EPSS

Percentile

44.2%

JSON
Related for PACKETSTORM:142505
zdt1prion1nvd1cvelist1cve1exploitpack1exploitdb1