Search This Blog

Showing posts with label SQL Injection. Show all posts

Open Source Software Vulnerabilities Leads to RCE

 

Various vulnerabilities in open source video platforms YouPHPTube and AVideo could be utilized to accomplish remote code execution (RCE) on a client's gadget. It can take an average of more than four years for vulnerabilities in open-source software to be detected, an area in the security community that needs to be addressed, researchers say. Experts from Synacktiv found various vulnerabilities in the source code-shared by the ventures that were because of an absence of client input sanitization, a related write-up reads. The issues incorporate an unauthenticated SQL injection vulnerability, multiple cross-site scripting (XSS) flaws, and a file write vulnerability. 

SQL injection is a code injection technique, used to assault information-driven applications, in which vindictive SQL articulations are embedded into an entry field for execution (for example to dump the database contents to the assailant). 

SQL injection should abuse a security vulnerability in an application's product. SQL injection assaults permit attackers to spoof identity, alter existing information, cause repudiation issues, for example, voiding transactions or changing balances, permit the total divulgence of all information on the system, destroy the information or make it in any case inaccessible, and become administrators of the database server.

Numerous reflected XSS vulnerabilities could be utilized to steal administrators' session cookies and perform actions as an administrator. A file write flaw could permit an administrator to execute malevolent code on the server. 

Synacktiv said there is no official workaround right now, but added that clients ought to purify $catName input information appropriately prior to processing SQL queries to avoid SQL injection. “Removing simple quotes is not a sufficient process,” researchers added. The vulnerabilities influence AVideo variants 10.0 and below, and YouPHPTube renditions 7.8 and below. 

The open-source community now plays a critical part in the improvement of software, but similarly, as with any other industry, vulnerabilities will exist. GitHub says that project developers, maintainers, and clients should check their dependencies for vulnerabilities consistently and ought to consider implementing automated alerts to remedy security issues in a more efficient and fast manner. 

"Open source is critical infrastructure, and we should all contribute to the security of open-source software," GitHub added. "Using automated alerting and patching tools to secure software quickly means attack surfaces are evolving, making it harder for attackers to exploit."

SAP Issued Warning and Updates Regarding the Serious Flaws with the Code Injection

 

A German multinational software corporation SAP ( Systems Applications and Products in Data Processing ) is known for developing software solutions that work on managing business operations as well as customer relations. SAP is the name of their software as well as of the company that works on this technology. SAP provides “future-proof Cloud ERP (Enterprise Resource Planning) solutions that will power the next generation of business.” With its advanced capabilities, SAP can boost your organization's efficiency and productivity by automating repetitive tasks, making better use of your time, money, and resources. 

SAP has published some 14 new updates or the Security Note on the 2020 December Patch Day. Whereas in January 2021 they published another set of 7 new Security Notes, later providing their new updates as well. Five of the seven have the highest severity rate of the Hot News. Later in the month, they made a proclamation where they published 10 advisories to a document of flaws ad fixes for a range of serious security vulnerabilities. In the congregation of asserted vulnerabilities, the most important issue bears a CVSS score of 9.9 in the SAP Business Warehouse. 

 The very first note addressed CVE-2021-21465 which according to SAP is multiple issues in the Database Interface. These bugs are an SQL Injection with a missing authorization check which should have featured a CVSS score of 6.5. A SQL Injection is basically a code injection technique that might at times destroy the database interface. One of the most common hacking technique used by hackers is SQL Injection. In the SQL Injection, another thing that was missing was Onapsis, a firm that secures Oracle and SAP applications. These missing authorization checks would easily exploit to read any table of a database. 

 Mentioning that minimum privileges are required for successful exploitation, Onapsis in a blog quoted, “An improper sanitization of provided SQL commands allowed an attacker to execute arbitrary SQL commands on the database which could lead to a full compromise of the affected system,” SAP decided to fix such bugs b disabling the function module and applying the patches that will result in abandoning of all the applications that call this function module. 

 Another serious issue, other than the aforementioned issue, is a code injection flaw in both Business Warehouse and BW/4H4NA , that addresses as CVE-2021-21466. This issue is a result of insufficient input validation. Such flaws are misused to inject malicious code that gets stored persistently as a repot. These issues potentially affect the confidentiality, integrity, and availability of systems. The remaining three from the total five updates are fixes for the programs released in 2018 and 2020. 

 Further SAP added as a warning, “An issue in the binding process of the Central Order service to a Cloud Foundry application” that could have allowed “unauthorized SAP employees to access the binding credentials of the service”.

Bell Canada website hacked with POST-based SQL Injection vulnerability

Few days back, Nullcrew hackers hacked into Bell Canada website and leaked thousands of customer data.

Bell Canada confirmed Sunday that usernames and passwords of 22,421 and five valid credit card numbers have been leaked by hackers.  However, the organization points finger at Third-party saying the leak "results from illegal hacking of an Ottawa-based third-party supplier's information technology system".

Bell claims its own network wasn't affected by this breach.  Bell has disabled all passwords and notifying all affected users.  They are currently working with law enforcement and government security officials to investigate the matter.

"Quite a laughable claim, Bell actually knows of the breach, they knew the vulnerable section of the website for two weeks."In a response to the Bell's claim, hackers said in their twitter account.

The screenshot provided to DataBreaches shows that the hackers had a chat with Bell Support team.

Nullcrew chatting with Bell support team

Hackers said a POST based SQL Injection vulnerability resides in the password recovery page of Bell's sub-domain( https://protectionmanagement.bell.ca/passwordrecovery_1.asp)

Post-based SQL Injection in Bell Canada