SQL Injection Vulnerability Fix

Vulnerability: Blind SQL injection. Three servlet parameters are passed into database queries without sanitization, so a stacked statement (close the quoted literal, ';', a second statement, '--') is executed on the backend database.

Fix: Upgrade to Social IT vXXXX; OpManager vXXXX; IT360 vXXXX

Constraints: no authentication needed on OpManager and Social IT; authenticated access required on IT360

Each request below is shown first as a template with [SQLi] marking the injectable parameter, then with a harmless proof-of-concept payload. In a) and b) the payload URL-decodes (%3b is ';', '+' is a space) to aaa';create table bacas (agga text);-- , which closes the string literal, appends a second statement and comments out the remainder of the original query; any statement the database account may run could take the place of create table.

a) probeName parameter of UpdateProbeUpgradeStatus

POST /servlet/com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus?upgradeStatus=success&probeName=[SQLi]

POST /servlet/com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus?upgradeStatus=success&probeName=aaa'%3bcreate+table+bacas+(agga+text)%3b--+

b) OPM_BVNAME parameter of APMBVHandler

POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=[SQLi]

POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+

c) query parameter of DataComparisonServlet (the value is executed directly as a database query, so no quote-breaking is needed)

POST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=[SQLi]

POST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text)
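Added example, not part of the original advisory: a Python triage script that picks requests shaped like the three above out of web-server access logs. The endpoints, parameter names and payloads are the ones listed on this page; the log line format, timestamps and IP addresses are constructed for the example. DataComparisonServlet is treated specially because, as noted in c), its query parameter is executed as-is, so any value there is reportable rather than only one containing a quote and a stacked statement.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Sinks named in the advisory: endpoint path -> (parameter that reaches the
# database, executed_directly). DataComparisonServlet runs its query parameter
# as-is, so any value there is an injection, not only one that breaks a quote.
SINKS = {
    "/servlet/com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus": ("probeName", False),
    "/servlet/APMBVHandler": ("OPM_BVNAME", False),
    "/servlet/DataComparisonServlet": ("query", True),
}

# Stacked-query shape of the advisory payloads once URL-decoded: a quote closing
# the literal, ';' starting a new statement, '--' commenting out the remainder.
STACKED_RE = re.compile(
    r"'\s*;|;\s*(?:create|drop|alter|insert|update|delete|select|copy|grant)\b|--",
    re.IGNORECASE,
)

# Method and request target out of a common-log-format line.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')

# Constructed sample log: one benign probe update, the three requests from the
# advisory, and an unrelated page load.
SAMPLE_LOG = """
10.0.0.5 - - [01/Jan/2015:10:00:00 +0000] "POST /servlet/com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus?upgradeStatus=success&probeName=probe01 HTTP/1.1" 200 12
10.0.0.9 - - [01/Jan/2015:10:00:01 +0000] "POST /servlet/com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus?upgradeStatus=success&probeName=aaa'%3bcreate+table+bacas+(agga+text)%3b--+ HTTP/1.1" 200 12
10.0.0.9 - - [01/Jan/2015:10:00:02 +0000] "POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+ HTTP/1.1" 200 12
10.0.0.9 - - [01/Jan/2015:10:00:03 +0000] "POST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text) HTTP/1.1" 200 12
10.0.0.5 - - [01/Jan/2015:10:00:04 +0000] "GET /index.jsp HTTP/1.1" 200 5000
""".strip().splitlines()


def inspect_request(target):
    """Classify one request target. Returns (path, param, decoded_value, suspicious),
    or None when the path is not one of the known sinks."""
    parts = urlsplit(target)
    sink = SINKS.get(parts.path)
    if sink is None:
        return None
    param, executed_directly = sink
    # parse_qs percent-decodes and turns '+' into spaces, yielding the string
    # exactly as the servlet, and therefore the database, receives it.
    value = parse_qs(parts.query, keep_blank_values=True).get(param, [""])[0]
    suspicious = (executed_directly and value != "") or bool(STACKED_RE.search(value))
    return parts.path, param, value, suspicious


def scan_log(lines):
    """Return [(line_no, path, param, decoded_value)] for every suspicious request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        result = inspect_request(m.group("target"))
        if result is not None and result[3]:
            hits.append((line_no, result[0], result[1], result[2]))
    return hits


if __name__ == "__main__":
    for line_no, path, param, value in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {path} {param}={value!r}")
```

Run it over the real access log by replacing SAMPLE_LOG with the file's lines; the decoded value in each hit is what reached the database, which is what you want in an incident record rather than the percent-encoded URL.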


Fix for the above vulnerability (compatible with builds 11300 and 11400)

1) Download the attached zip file and extract it under /OpManager

2) Stop and start OpManager


Please follow the steps below for build 11600

1) Take a backup of web.xml from the \opmanager\web-inf\ folder

2) Replace it with the web.xml linked below

https://uploads.zohocorp.com/Internal_Useruploads/dnd/OpManager/o_1ac9n1gh21egi152311fv1465o2g1/web.xml

3) Stop and start the OpManager service

The change made in the file comments out the servlet-mapping for APMBVHandler, so the endpoint used in b) is no longer routed to its handler:

<!--servlet-mapping> 
<servlet-name>com.adventnet.me.opmanager.servlet.APMIntegBusinessViewHandler</servlet-name> 
<url-pattern>/servlet/APMBVHandler</url-pattern> 
</servlet-mapping-->

This excerpt covers only the mapping used in b); after restarting, re-test the endpoints in a) and c) as well to confirm they no longer accept the requests shown above.
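Added example, not part of the advisory and not OpManager code: a Python check that parses web.xml and reports whether /servlet/APMBVHandler is still routed to a servlet after the edit. The minimal web.xml fragments are constructed for the example (the real file is far larger and should be passed in whole); the namespace on web-app is an assumption about a typical Java EE descriptor and is handled either way. The WITH_WILDCARD case is hypothetical and goes beyond the page: a catch-all mapping such as /servlet/*, the shape Tomcat's invoker servlet uses, would keep the handler reachable even with the specific mapping commented out, so the check resolves paths against every live pattern rather than looking only for the exact one.

```python
import xml.etree.ElementTree as ET

HANDLER = "com.adventnet.me.opmanager.servlet.APMIntegBusinessViewHandler"


def make_web_xml(mapping_block):
    """Wrap mapping XML in a minimal web-app skeleton. Constructed for this example;
    a real OpManager web.xml is far larger, but the check reads it the same way."""
    return (
        '<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">\n'
        + mapping_block
        + "\n</web-app>\n"
    )


# The mapping as it appears before the fix.
BEFORE_FIX = make_web_xml(
    "  <servlet-mapping>\n"
    f"    <servlet-name>{HANDLER}</servlet-name>\n"
    "    <url-pattern>/servlet/APMBVHandler</url-pattern>\n"
    "  </servlet-mapping>"
)

# The same block after the fix: wrapped in an XML comment, as shown above.
AFTER_FIX = make_web_xml(
    "  <!--servlet-mapping>\n"
    f"    <servlet-name>{HANDLER}</servlet-name>\n"
    "    <url-pattern>/servlet/APMBVHandler</url-pattern>\n"
    "  </servlet-mapping-->"
)

# Hypothetical variant (not from the page): the block is commented out, but a
# catch-all /servlet/* mapping still routes the path to some servlet.
WITH_WILDCARD = make_web_xml(
    "  <!--servlet-mapping>\n"
    f"    <servlet-name>{HANDLER}</servlet-name>\n"
    "    <url-pattern>/servlet/APMBVHandler</url-pattern>\n"
    "  </servlet-mapping-->\n"
    "  <servlet-mapping>\n"
    "    <servlet-name>invoker</servlet-name>\n"
    "    <url-pattern>/servlet/*</url-pattern>\n"
    "  </servlet-mapping>"
)


def _local(tag):
    """Strip a namespace prefix: '{http://...}servlet-mapping' -> 'servlet-mapping'."""
    return tag.rsplit("}", 1)[-1]


def live_mappings(xml_text):
    """Return {url-pattern: servlet-name} for every servlet-mapping that is still
    active. ElementTree discards XML comments, so the commented-out block from
    the fix never shows up here."""
    mappings = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "servlet-mapping":
            continue
        name = pattern = None
        for child in el:
            if _local(child.tag) == "servlet-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "url-pattern":
                pattern = (child.text or "").strip()
        if pattern:
            mappings[pattern] = name
    return mappings


def pattern_matches(pattern, path):
    """Servlet-spec URL matching: exact, path prefix ('/servlet/*') or extension ('*.do')."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def reachable(xml_text, paths):
    """Return {path: (url-pattern, servlet-name)} for each path still routed to a servlet."""
    mappings = live_mappings(xml_text)
    result = {}
    for path in paths:
        for pattern, name in mappings.items():
            if pattern_matches(pattern, path):
                result[path] = (pattern, name)
                break
    return result


if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE_FIX), ("after", AFTER_FIX), ("wildcard", WITH_WILDCARD)):
        print(label, reachable(xml_text, ["/servlet/APMBVHandler"]))
```

To check a deployed system, read the web.xml from the web-inf folder named in step 1 and pass its contents to reachable(); an empty result for /servlet/APMBVHandler means the edit took effect, while a non-empty one names the pattern and servlet that still answer the URL.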
