SecurityTracker.com
Category: Application (Generic) > Dokeos
Vendors: dokeos.com
Dokeos Input Validation Flaw in 'language' Parameter Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID: 1029437
SecurityTracker URL: http://securitytracker.com/id/1029437
CVE Reference: CVE-2013-6341
Date: Dec 5 2013
Impact: Disclosure of system information, Disclosure of user information, User access via network
Exploit Included: Yes
Version(s): 2.2 RC2; possibly prior versions
Description: A vulnerability was reported in Dokeos. A remote user can inject SQL commands.

The software does not properly validate user-supplied input in the 'language' parameter of '/index.php'. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

A demonstration exploit URL is provided:

http://[target]/index.php?language=0%27%20UNION%20SELECT%201,2,3,4,version%28%29,6,7,8%20--%202
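As an added example (not code from this page or from Dokeos), the defect class described above, a GET value spliced into the query text, beside the two fixes that close it, run against a constructed in-memory SQLite table whose column count matches the advisory's 8-value UNION payload. The table schema, the allowlist pattern and the function names are assumptions, and MySQL's version() is replaced by SQLite's sqlite_version().

```python
import re
import sqlite3

# Constructed stand-in for the application's language table. It has 8 columns so the
# advisory's 8-value UNION payload lines up; the real Dokeos schema is not on the page.
SCHEMA = """CREATE TABLE language (
    id INTEGER PRIMARY KEY, dokeos_folder TEXT, original_name TEXT, english_name TEXT,
    isocode TEXT, available INTEGER, date_format TEXT, parent_id INTEGER)"""
SAMPLE_ROWS = [
    (1, "english", "English", "English", "en", 1, "%d/%m/%Y", 0),
    (2, "french", "Francais", "French", "fr", 1, "%d/%m/%Y", 0),
]

# The advisory's payload, URL-decoded: 0' UNION SELECT 1,2,3,4,version(),6,7,8 -- 2
# SQLite names its version function differently, so the demo substitutes sqlite_version().
PAYLOAD = "0' UNION SELECT 1,2,3,4,sqlite_version(),6,7,8 -- 2"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO language VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn

def lookup_language_vulnerable(conn, language):
    # The defect class in the advisory: the GET value is spliced into the query text,
    # so a quote closes the literal and the rest of the value is executed as SQL.
    sql = "SELECT * FROM language WHERE dokeos_folder = '" + language + "'"
    return conn.execute(sql).fetchall()

def lookup_language_bound(conn, language):
    # Fix, layer 1: bind the value. The driver passes it as data, never as SQL text,
    # so the payload simply matches no row.
    sql = "SELECT * FROM language WHERE dokeos_folder = ?"
    return conn.execute(sql, (language,)).fetchall()

LANGUAGE_CODE = re.compile(r"[a-z][a-z_]{0,31}")  # hypothetical allowlist shape

def lookup_language_fixed(conn, language):
    # Fix, layer 2 (defence in depth): reject anything that is not a plausible
    # language folder name before it reaches the database at all.
    if not LANGUAGE_CODE.fullmatch(language):
        raise ValueError("language parameter rejected")
    return lookup_language_bound(conn, language)

if __name__ == "__main__":
    db = make_db()
    print(lookup_language_vulnerable(db, PAYLOAD))  # one row; 5th column is the DB version
    print(lookup_language_bound(db, PAYLOAD))       # []
    print(lookup_language_fixed(db, "english"))
```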

The vendor was notified on November 27, 2013 without response.

The original advisory is available at:

https://www.htbridge.com/advisory/HTB23181

High-Tech Bridge Security Research Lab reported this vulnerability.

Impact: A remote user can execute SQL commands on the underlying database.
Solution: No solution was available at the time of this entry.
Vendor URL: www.dokeos.com/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  SQL Injection in Dokeos

Advisory ID: HTB23181
Product: Dokeos
Vendor: Dokeos
Vulnerable Version(s): 2.2 RC2 and probably prior
Tested Version: 2.2 RC2
Advisory Publication: October 30, 2013 [without technical details]
Vendor Notification: October 30, 2013
Public Disclosure: November 27, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2013-6341
Risk Level: High
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered a vulnerability in Dokeos, which can be exploited to perform SQL Injection attacks.


1) SQL Injection in Dokeos: CVE-2013-6341

The vulnerability exists due to insufficient validation of the "language" HTTP GET parameter passed to the "/index.php" script. A remote unauthenticated attacker can execute arbitrary SQL commands in the application's database and gain complete control over the vulnerable web application.

The following exploitation example displays the version of the MySQL server:

http://[host]/index.php?language=0%27%20UNION%20SELECT%201,2,3,4,version%28%29,6,7,8%20--%202

-----------------------------------------------------------------------------------------------

Solution:

The vendor did not reply to 6 notifications by email, 1 notification via Twitter, and 2 forum threads/direct messages. Currently we are not aware of any official solution for this vulnerability.

An unofficial patch was developed by High-Tech Bridge Security Research Lab and is available here: https://www.htbridge.com/advisory/HTB23181-patch.zip

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23181 - https://www.htbridge.com/advisory/HTB23181 - SQL Injection in Dokeos.
[2] Dokeos - http://www.dokeos.com/ - Dokeos, the flexible, enterprise-ready e-learning software.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.

-----------------------------------------------------------------------------------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
