Summary
This host is installed with Xerox DocuShare and is prone to multiple sql injection vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML or script code and manipulate SQL queries in the backend database allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Apply the hotfix from the below link,
http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf
Insight
Input appended to the URL after /docushare/dsweb/ResultBackgroundJobMultiple/1 is not properly sanitised before being used in SQL queries.
Affected
Xerox DocuShare version 6.5.3 Patch 6, 6.6.1 Update 1, and 6.6.1 Update 2, Prior versions may also be affected.
Detection
Send a crafted HTTP GET request and check whether it is able to execute sql query or not.
References
- http://osvdb.org/105972
- http://packetstormsecurity.com/files/126171
- http://secunia.com/advisories/57996
- http://www.exploit-db.com/exploits/32886
- http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf
- https://gist.github.com/brandonprry/10745681
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- Adobe ColdFusion Information Disclosure Vulnerability
- Advantech WebAccess Multiple Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability