Netsweeper 2.6.29.8 - SQL Injection Vulnerability

+-------------------------------------+
+ Netsweeper 2.6.29.8 - SQL Injection +
+-------------------------------------+
Affected Product: Netsweeper
Vendor Homepage	: www.netsweeper.com
Version 	: 2.6.29.8 (and probably other versions)
Discovered by	: Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
Patched      	: Yes
CVE		: CVE-2014-9613, CVE-2014-9614

+---------------------+
+ Product Description +
+---------------------+
Netsweeper is a software solution specialized in content filtering.

+----------------------+
+ Exploitation Details +
+----------------------+
Two specific parameters in two pages of Netsweeper Content Filtering solution v2.6.29.8 (and probable earlier versions) are vulnerable to SQL injection.
Condition: The exploitation can be performed by any non-authenticated user with access to the vulnerable pages (usually from everyone).

Vulnerability Type: SQL Injection [SQLi-I]
Vulnerable Page I: http://netsweeper/webadmin/auth/verification.php
Vulnerable POST Parameter: login

Vulnerability Type: SQL Injection [SQLi-II]
Vulnerable Page II: http://netsweeper/webadmin/deny/index.php
Vulnerable POST Parameter: dpid

+--------------------------------------------+
+ Netsweeper 2.6.29.8 - Default Weak Account +
+--------------------------------------------+

Version 2.6.29.8 (and probably other versions both earlier and later eg on v4.0.5) found having a default account enabled using weak credentials for the Web Panel.
URL: http://<netsweeper>/webadmin/ 
Username/Password: branding/branding

+----------+
+ Solution +
+----------+
Upgrade to latest version.

#  0day.today [2018-02-06]  #