Application Details
Progress Software WhatsUp Gold is a network monitoring tool, used for complete visability of network devices, servers, virtual machines, cloud, and wireless environments.
Vulnerability
Progress Software WhatsUp Gold is vulnerable to SQL injection which could result in remote attackers bypassing authentication on affected Progress Software WhatsUp Gold installs. When exploiting this vulnerability, authentication is not necessary.
Identification
After sending specially crafted SQL statements, a remote attacker could successfully view, add, modify or delete information in the back-end database. This is due to a specific flaw within the implementation of HasErrors method, which lacks proper "user-supplied" validation. A remote attacker can leverage this vulnerability to bypass authentication on the system.
POST /NmConsole/Platform/PerformanceMonitorErrors/HasErrors
PAYLOAD - {"deviceId": "22222", "classId": "DF215E10-8BD4-4401-B2DC-99BB03135F2E';UPDATE ProActiveAlert SET sAlertName='psyduck'+( SELECT sValue FROM GlobalSettings WHERE sName = '_GLOBAL_:JavaKeyStorePwd');--", "range": "1", "n": "1", "start": "3", "end": "4", "businesdsHoursId": "5"}
Detection
By turning this into a traffic file and matching rule, we are able to detect attempts by an unauthenticated attacker to retrieve the user's encrypted password.
Coverage
Idappcom has created signature 8025262 along with a traffic file.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional
Komentarai