HP Managed Printing Administration img_id Multiple Vulnerabilities

2012-01-05T00:00:00
ID ZDI-12-001
Type zdi
Reporter Andrea Micalizzi aka rgod
Modified 2012-11-09T00:00:00

Description

This vulnerability allows remote attackers to manipulate the application database and delete arbitrary files on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability.

The specific flaw exists in each of the following scripts, which duplicate the same code:

\Inetpub\wwwroot\hpmpa\mpl\view\config\imglist\imgselect\Default.asp
\Inetpub\wwwroot\hpmpa\mpl\view\config\imgmap\bgselect\Default.asp
\Inetpub\wwwroot\hpmpa\mpl\view\config\imgmap\imgselect\Default.asp

Input via the img_id parameter to the aforementioned scripts can be manipulated to perform SQL injection. Additionally, directory traversal can be used on this parameter to delete arbitrary files.
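A detection sketch for the flaw described above, added here as an example and not part of the advisory or of HP's code: it scans IIS W3C log lines for requests to the three listed scripts whose img_id value carries traversal sequences or SQL metacharacters. The URL mapping of the script paths, the expected img_id format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Scripts named in the advisory, as lower-cased URL paths (assumed web-root mapping).
AFFECTED = {
    "/hpmpa/mpl/view/config/imglist/imgselect/default.asp",
    "/hpmpa/mpl/view/config/imgmap/bgselect/default.asp",
    "/hpmpa/mpl/view/config/imgmap/imgselect/default.asp",
}
# Assumption: a legitimate img_id is a short alphanumeric token.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
SQL_META = re.compile(r"""['";]|--|/\*""")
# Constructed sample log (documentation IP ranges, reduced field set).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-01-05 10:00:01 192.0.2.10 GET /hpmpa/mpl/view/config/imglist/imgselect/Default.asp img_id=12 200
2012-01-05 10:00:02 192.0.2.66 GET /hpmpa/mpl/view/config/imgmap/bgselect/Default.asp img_id=..%5C..%5Cexample.txt 200
2012-01-05 10:00:03 192.0.2.66 GET /hpmpa/mpl/view/config/imgmap/imgselect/Default.asp img_id=1%27 500
2012-01-05 10:00:04 192.0.2.10 GET /hpmpa/Default.asp - 200
""".splitlines()

def classify(value):
    """Return the reasons an img_id value is suspicious (empty list = looks fine)."""
    v = unquote(value)  # undo a possible second layer of percent-encoding
    reasons = []
    if ".." in v or "/" in v or "\\" in v:
        reasons.append("path-traversal")
    if SQL_META.search(v):
        reasons.append("sql-metachar")
    if not reasons and not SAFE_ID.fullmatch(v):
        reasons.append("unexpected-format")
    return reasons

def scan(lines):
    """Yield (client_ip, stem, img_id, reasons) for flagged requests in a W3C log."""
    fields = []
    for line in lines:
        if line.startswith("#") or not line.strip():
            if line.startswith("#Fields:"):
                fields = line.split()[1:]  # column names for the rows that follow
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        if stem.lower() not in AFFECTED:
            continue
        for key, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            reasons = classify(value) if key.lower() == "img_id" else []
            if reasons:
                yield row.get("c-ip", "?"), stem, value, reasons
```

W3C logs record only the query string, so an img_id submitted in a request body is not visible to this check and needs inspection at a proxy or WAF instead.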