SECURITYVULNS:DOC:32364 (Jul 27, 2015)

NetCracker Resource Management 8.0 - SQL Injection Vulnerability

Vulnerability type: SQL Injection

Vendor: http://www.netcracker.com/

Product: NetCracker Resource Management System

Affected version: =< 8.0

Patched version: 8.2

Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan

CVE ID: CVE-2015-3423

PROOF OF CONCEPT (SQLi)

A SQL injection (SQLi) vulnerability in multiple pages of NetCracker
Resource Management System 8.0 and earlier allows authenticated users to
inject SQL statements via multiple parameters.

VULNERABLE PARAMETERS:

  • ctrl
  • h____%2427
  • h____%2439
  • param0
  • param1
  • param2
  • param3
  • param4
  • filter_INSERT_COUNT
  • filter_MINOR_FALLOUT
  • filter_UPDATE_COUNT
  • sort
  • sessid
  • (etc…)

SAMPLE PAYLOAD

  • '
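
The single-quote payload against a concatenated query, next to a bound-parameter version, as an added example (not NetCracker's code, which the advisory does not show). The table, rows and function names are constructed; only the names `param0` and `sort` come from the parameter list above.

```python
import sqlite3

# Constructed schema and rows; the real product's tables are not on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE resources (id INTEGER, name TEXT, status TEXT)")
    db.executemany("INSERT INTO resources VALUES (?, ?, ?)",
                   [(1, "router-a", "active"), (2, "switch-b", "retired"),
                    (3, "o'brien-lab", "active")])
    return db

def list_unsafe(db, param0, sort):
    # Vulnerable pattern: request values concatenated into the statement.
    sql = ("SELECT id, name FROM resources WHERE name = '" + param0 +
           "' ORDER BY " + sort)
    return db.execute(sql).fetchall()

# ORDER BY takes an identifier, which cannot be bound, so map the
# request value onto a fixed set of column names instead.
SORT_COLUMNS = {"id": "id", "name": "name", "status": "status"}

def list_safe(db, param0, sort):
    column = SORT_COLUMNS.get(sort)
    if column is None:
        raise ValueError("unsupported sort key")
    # The value travels as a bound parameter and is never parsed as SQL.
    sql = "SELECT id, name FROM resources WHERE name = ? ORDER BY " + column
    return db.execute(sql, (param0,)).fetchall()

def probe(fn, db, param0, sort="id"):
    """Return the rows, or the exception class name if the call failed."""
    try:
        return fn(db, param0, sort)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    print(probe(list_unsafe, db, "'"))            # quote breaks the statement
    print(probe(list_safe, db, "'"))              # quote is just data
    print(probe(list_safe, db, "o'brien-lab"))    # legitimate quoted value
    print(probe(list_safe, db, "router-a", "'"))  # sort key rejected
```

A database syntax error in response to a lone quote, as the unsafe function produces, is the signal to look for in application logs when checking whether a parameter reaches the query unbound.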

TIMELINE

  • 28/02/2015: Vulnerability found
  • 13/03/2015: Vendor informed
  • 13/03/2015: Vendor responded and acknowledged
  • 21/04/2015: Vendor fixed the issue
  • 22/07/2015: Public disclosure