Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ConnX SQL Injection

🗓️ 02 Apr 2009 00:00:00Reported by Patrick WebsterType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

SQL Injection in ConnX HR and Payroll Syste

Code
`aushack.com - Vulnerability Advisory  
-----------------------------------------------  
Release Date:  
03-Apr-2009  
  
Software:  
Q2 Solutions - ConnX  
http://www.q2solutions.com.au/  
  
"ConnX is a ready built internet/intranet solution that empowers employees and  
management to view and update HR and Payroll information. Internal  
communications  
are improved by providing easy access to Company and personal information for  
all employees."  
  
Versions tested:  
Version 4.0.20080606 has been confirmed as vulnerable. Other versions untested.  
  
Vulnerability discovered:  
  
SQL Injection  
  
Vulnerability impact:  
  
High - SQL Injection in backend database. Impact depends on the  
security and configuration of the database. It may be possible  
to execute code using functons such as xp_cmdshell in poorly  
configured hosts. Other attacks possible include obtaining read  
or write access to employee data or payroll.  
  
Vulnerability information:  
  
The 'txtEmail' HTML form input POST parameter of password reminder form  
'frmLoginPwdReminderPopup.aspx' is vulnerable to SQL injection.  
  
Example:  
  
Submitting:  
  
' union select @@version;--  
  
To:  
  
http://connx.[victim].com/frmLoginPwdReminderPopup.aspx  
  
Returns:  
  
"Error retrieving password reminder. Syntax error converting the nvarchar  
value 'Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53  
Copyright (c) 1988-2003 Microsoft Corporation Desktop Engine on Windows NT 5.2  
(Build 3790: Service Pack 2) ' to a column of data type int."  
  
Recommendation:  
  
Vendor refused to comment on whether they would develop a patch or even notify  
existing client base.  
  
Workaround: Remove ConnX server from public Internet access and protect behind  
corporate firewalls, SSL-VPN, web application firewall etc.  
  
References:  
aushack.com advisory  
http://www.aushack.com/200904-q2solutions.txt  
  
Credit:  
Patrick Webster ( [email protected] )  
  
Disclosure timeline:  
30-Oct-2008 - Discovered during audit.  
05-Nov-2008 - Notified vendor. Vendor declined to comment.  
01-Dec-2008 - Submitted full details to vendor.  
18-Dec-2008 - Attempted to contact vendor again for a patch release date.  
18-Dec-2008 - And again...  
18-Dec-2008 - Vendor response, no patch - "We support our clients,  
not independent contractors."  
03-Apr-2009 - Disclosure.  
  
EOF  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Apr 2009 00:00Current
0.1Low risk
Vulners AI Score0.1
connxsql injectionvulnerabilityhrpayrollq2 solutionssecurity advisory
27