OrangeHRM version 2.7.1-rc.1 and probably prior contain SQL Injection [CWE-89] vulnerabilities. This vulnerabilities is reported by High-Tech Bridge Security Research Lab.
Vulnerabilities was discovered in the "symfony/web/index.php" script while handling the "sortField" HTTP GET parameter. Successful exploitation of this vulnerability requires administrative privileges, however it can be exploited by a non-authenticated user via CSRF vector, as the above-mentioned script is also vulnerable to CSRF attack.
The vulnerability could be triggered by accessing the following URIs:
/symfony/web/index.php/admin/viewCustomers
/symfony/web/index.php/admin/viewPayGrades
/symfony/web/index.php/admin/viewPayGrades
version()` (or any other sensitive information from the database) subdomain of ".attacker.com" (a domain name, DNS server of which is controlled by the attacker).
All details, Proof of Concept (PoC) examples available in page below:
High-Tech Bridge Advisory HTB23119 - SQL Injection Vulnerability in Orange HRM.
No comments:
Post a Comment