Friday, November 23, 2012

HTB23123: Smartphone Pentest Framework (SPF) multiple vulnerabilities


Smartphone Pentest Framework (SPF) version 0.1.2 suffers from 5 different types of software weaknesses: OS Command Injection [CWE-78], SQL Injection [CWE-89], Cross-Site Request Forgery [CWE-352], Improper Access Control [CWE-284], and Incorrect Default Permissions [CWE-276]. High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in the web-based GUI of Smartphone Pentest Framework (SPF), which could be exploited to get control over a pentester's machine.

  • Multiple OS Command Execution Vulnerabilities in Smartphone Pentest Framework (SPF):
    Multiple Perl scripts in the "/frameworkgui/" directory do not sanitize user-supplied input passed as an argument to the system() function. This could be exploited to inject and execute arbitrary OS commands on the target system with the privileges of the web server.

  • SQL Injection [CWE-89]:
    Multiple Perl scripts in the "/frameworkgui/" directory are vulnerable to SQL injection. A remote attacker can execute arbitrary SQL commands in the application's database.

  • Cross-Site Request Forgery [CWE-352]:
    The vulnerability exists due to insufficient verification of the origin of HTTP requests in all Perl scripts within the "/frameworkgui/" directory. A remote attacker without direct access to the application's web interface can perform cross-site request forgery attacks and execute arbitrary actions that are available only to the application's users (e.g. send SMS messages).

  • Improper Access Control [CWE-284]:
    The weakness exists due to insufficient access control on the "config" file located in the "/frameworkgui/" directory. A remote attacker can access the configuration file directly and obtain sensitive information, such as the database password, which is stored in plaintext.

  • Incorrect Default Permissions [CWE-276]:
    The weakness exists because the "btinstall" installation script sets world-writable permissions on all files within the "/frameworkgui/" directory:
    cd /var/www/frameworkgui; chmod 777 * ;
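
A defender-side check for the last two weaknesses, as an added example that is not part of the advisory or of SPF: it lists the world-writable entries a `chmod 777 *` leaves behind, clears only the world-write bit, and removes "other" access from the "config" file. The function names and the `audit.sh` file name are hypothetical, and it assumes the web server account owns the files or is in their group.

```sh
#!/bin/sh
# Added example, not SPF or advisory code. Function names are hypothetical.

# Print every regular file or directory under $1 that has the
# world-write bit (o+w) set, which is what "chmod 777 *" leaves behind.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Number of world-writable entries under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Succeeds when "$1/config" exists and is readable by "other".
config_world_readable() {
    [ -n "$(find "$1/config" -type f -perm -0004 -print 2>/dev/null)" ]
}

# Clear only o+w on the affected entries (execute bits that CGI scripts
# need are untouched), then drop all "other" access to the config file.
# Assumption: the web server account owns the files or is in their group.
harden_webroot() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    if [ -f "$1/config" ]; then
        chmod o-rwx "$1/config"
    fi
}

# Usage: sh audit.sh /var/www/frameworkgui [--fix]
if [ "$#" -ge 1 ]; then
    echo "world-writable entries: $(count_world_writable "$1")"
    list_world_writable "$1"
    if config_world_readable "$1"; then
        echo "config is readable by other"
    fi
    if [ "${2:-}" = "--fix" ]; then
        harden_webroot "$1"
        echo "after fix: $(count_world_writable "$1")"
    fi
fi
```

File modes alone do not stop the web server from serving "config" over HTTP when the server account can read it; that also needs a deny rule in the web server configuration.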

Solution available:
Upgrade to Smartphone Pentest Framework (SPF) version 0.1.3.

Original HTB Advisory:
HTB23123: Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
