VSR independently discovered this SQL injection flaw (CVE-2011-1610)
and reported it to Cisco on November 11, 2010. Since we had very
limited time to preform testing on the product, and because Cisco
informed us that another researcher had reported the same flaw shortly
before us, we decided not to write a formal advisory.
However, I would like to add some additional technical information for
those who need to test for this flaw to determine if they are
vulnerable.
During our tests on version 7.1.3.32900-4 of the product, we found
that SQL query errors generated by attacks causes the vulnerable JSP
script to return no records, but does not present any error message.
To confirm the injection existed, the result from the following two
query URLs were compared:
/ccmcip/xmldirectorylist.jsp?f=vsr'||0/1%20OR%201=1))%20--
/ccmcip/xmldirectorylist.jsp?f=vsr'||1/0%20OR%201=1))%20--
The first URL returns a very large record set (likely all user
records) while the second query returns no records. The only
difference between the two being the order in which '0' and '1' appear
in the query, with the latter generating a divide-by-zero error. It
is likely that a simpler test case can be developed, but this is what
we came up with during very limited testing. We did not explore
injections on the l and n parameters.
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
security-news
