
From: wissam.bashour_(at) <wissam.bashour_(at)>
Subject: Boolean-based SQL injection Vulnerability in K2 Platforms

Title: Boolean-based SQL injection Vulnerability in K2 Platforms.
Author: Wissam Bashour - Help AG Middle East
Vendor: K2
Product: SmartForms, BlackPearl, K2 for SharePoint
Version: 4.6.7
Tested Version: Version 4.6.7
Severity: HIGH
CVE Reference: CVE-2015-7299

# About the Product: K2 smartforms can pull and push information from line-of-business systems — SharePoint, CRM, SAP and others — and they can be used in the cloud with applications like The built-in K2 SmartObject technology allows true reusability of SmartForms components across multiple SmartForms, in multiple applications.

# Description:
This Boolean-based SQL injection vulnerability enables an anonymous attacker to read sensitive data from the database, and recover the content of a given file present on the DBMS file system.

# Vulnerability Class:
SQL injection

# How to Reproduce (PoC):
Host the attached code on a web server, then target the xml parameter of the request that calls AJAXCall.ashx in the SmartObject for SharePoint.
The value of that parameter is passed into a SQL query without being sanitized.
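A defender-side check for this class of issue, added here as an example and not part of the advisory: it scans constructed IIS-style log lines for AJAXCall.ashx requests whose decoded xml parameter carries a quoted boolean condition, and reports clients that sent more than one distinct condition, the true/false request pairs that characterise blind probing. The log layout, the /K2/ path and the sample values are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS-style log lines (not from the advisory).
# Fields: date time uri-stem uri-query client-ip method status.
SAMPLE_LOG = """\
2015-10-15 09:01:02 /K2/AJAXCall.ashx xml=%3Cid%3E42%3C%2Fid%3E 10.0.0.5 POST 200
2015-10-15 09:01:09 /K2/AJAXCall.ashx xml=%3Cid%3E42%27+AND+1%3D1--%3C%2Fid%3E 10.0.0.5 POST 200
2015-10-15 09:01:15 /K2/AJAXCall.ashx xml=%3Cid%3E42%27+AND+1%3D2--%3C%2Fid%3E 10.0.0.5 POST 200
2015-10-15 09:02:00 /K2/AJAXCall.ashx xml=%3Cid%3E7%3C%2Fid%3E 10.0.0.7 POST 200
"""

# A quote closing a string literal followed by AND/OR and a comparison is the
# signature of boolean-based injection: the sender compares the responses to a
# true and a false condition instead of reading query output directly.
BOOL_COND = re.compile(r"'\s*(?:and|or)\s+[\w'()]+\s*(?:=|<>|!=|<|>)\s*[\w'()]+", re.I)

def parse_line(line):
    """Split one log line into the fields used here; None for short or blank lines."""
    parts = line.split()
    if len(parts) < 7:
        return None
    _date, _time, stem, query, client, _method, _status = parts[:7]
    return {"stem": stem, "query": query, "client": client}

def xml_param(query):
    """URL-decode the xml query parameter (empty string if absent)."""
    return parse_qs(query).get("xml", [""])[0]

def suspicious_requests(log_text):
    """(client, decoded xml, matched condition) for AJAXCall.ashx requests with a boolean condition."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not rec["stem"].lower().endswith("/ajaxcall.ashx"):
            continue
        xml = xml_param(rec["query"])
        m = BOOL_COND.search(xml)
        if m:
            hits.append((rec["client"], xml, m.group(0)))
    return hits

def probing_clients(log_text, min_conditions=2):
    """Clients that sent at least min_conditions distinct conditions: the true/false pairs of a blind probe."""
    seen = {}
    for client, _xml, cond in suspicious_requests(log_text):
        seen.setdefault(client, set()).add(cond.lower())
    return sorted(c for c, conds in seen.items() if len(conds) >= min_conditions)

if __name__ == "__main__":
    for client, xml, cond in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: {cond!r} in {xml!r}")
    print("probing clients:", probing_clients(SAMPLE_LOG))
```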

# Disclosure:
Discovered: September 20, 2015
Vendor Notification: September 22, 2015
Advisory Publication: October 13, 2015
Public Disclosure: October 15, 2015

# Solution:
Upgrading to 4.6.10 or later fixes this issue.
The fixed version number is 4.6.10 (4.12060.1690.2)
Release date: June 2015

# Credits:
Wissam Bashour
Associate Security Analyst
Help AG Middle East

# Proof of Concept Code:

