hornbill supportworks SQL injection

SECURITYVULNS:DOC:29313, 2013-05-06 00:00:00, via vulners.com

Summary

SQL Injection Vulnerability in ITSM component of Hornbill Supportworks Application

CVE number: CVE-2013-2594

Impact: High

Vendor homepage: http://www.hornbill.com

Vendor notified: 19/11/2012

Vendor response: This issue has reportedly been fixed but the vendor refused to give version details.

Credit: Joseph Sheridan of ReactionIS

Affected Products

Supportworks ITSM versions 1.0.0 and possibly other versions

Details

There is a SQL injection vulnerability in the ITSM component of the Supportworks application. The vulnerable file is calldiary.php, found in the /reports folder of the webroot; the injection point is the callref parameter. The following URL demonstrates the issue:

http://vulnhost.com/reports/calldiary.php?callref=VULN

This attack can be used to take full control of the host by writing a PHP webshell file (using MySQL 'into outfile') to the webroot.
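Because the vendor published no fixed version, an operator may want to spot requests that hit this report with a malformed callref in the web-server access log. The script below is an added example, not code from the advisory or from Hornbill; it assumes the script is reachable at /reports/calldiary.php under the webroot and that a legitimate call reference is a short alphanumeric token, both of which are assumptions rather than facts stated on the page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log style; they are not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [06/May/2013:10:01:02 +0000] "GET /reports/calldiary.php?callref=F0001234 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [06/May/2013:10:01:07 +0000] "GET /reports/calldiary.php?callref=VULN%27%20OR%201%3D1 HTTP/1.1" 200 8192 "-" "curl/7.29"
10.0.0.9 - - [06/May/2013:10:01:12 +0000] "GET /reports/calldiary.php?callref=VULN%27%20INTO%20OUTFILE%20x HTTP/1.1" 500 310 "-" "curl/7.29"
10.0.0.7 - - [06/May/2013:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Assumptions (not stated in the advisory): the application is served from the webroot,
# so the vulnerable script lives at /reports/calldiary.php, and a legitimate call
# reference is a short alphanumeric token. Adjust CALLREF_OK to the real format.
VULN_PATH = "/reports/calldiary.php"
CALLREF_OK = re.compile(r"^[A-Za-z0-9]{1,20}$")

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def check_line(line):
    """Return a finding dict when the line requests the vulnerable report with a
    callref value outside the allowlist, otherwise None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != VULN_PATH:
        return None
    # parse_qs percent-decodes, so the check sees the value as PHP's $_GET would.
    for value in parse_qs(parts.query, keep_blank_values=True).get("callref", []):
        if not CALLREF_OK.match(value):
            return {"client": m.group("client"), "ts": m.group("ts"), "callref": value}
    return None


def scan_log(text):
    """Run check_line over every line of an access log and collect the findings."""
    return [f for f in (check_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['client']} suspicious callref={f['callref']!r}")
```

The allowlist approach flags any callref that is not a plausible reference, so it does not depend on recognising particular payload keywords.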

Impact

An attacker may be able to take full control of the Supportworks server and execute arbitrary operating-system commands.

Solution

Upgrade to the latest available ITSM version; contact the vendor for details, as no fixed version number was disclosed.

http://www.reactionpenetrationtesting.co.uk

http://www.reactionpenetrationtesting.co.uk/research.html

http://www.reactionpenetrationtesting.co.uk/security-testing-services.html