usd-2018-0003 | Starface/6.4.3.34


Advisory ID: usd-2018-0003
Affected Version: 6.4.3.34
Vulnerability Type: SQL Injection
Security Risk: high
Vendor URL: https://www.starface.com/
Vendor Status: Not fixed
Advisory Status: Partial disclosure

Description

A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.

Proof of Concept (PoC)

The parameter 'phoneCallerIdSettingsForm.callerIdSettings%5B0%5D.callerIdValue' of the request to /config/phone/callerids/save.do is vulnerable to an SQL injection.

=> PoC will be published when all issues are fixed.

Fix

Make sure to use prepared statements for every database query that contains user-supplied input.
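The following is an added example, not Starface's code and not part of the original advisory. It puts the string-building pattern described in the Description section next to the prepared-statement fix recommended above, using a constructed SQLite table (`caller_ids` with a `caller_id_value` column) as a stand-in for whatever schema and database the affected save.do handler actually uses, which the advisory does not state. The inputs are constructed phone-number-like values; the one containing a single quote shows why concatenation lets input change the statement while binding does not.

```python
import sqlite3

# Added example (not Starface's code): the vulnerable string-building pattern
# beside the prepared-statement fix the advisory recommends. Table and column
# names are constructed stand-ins; the real Starface schema is not on the page.

SCHEMA = (
    "CREATE TABLE caller_ids ("
    "id INTEGER PRIMARY KEY, user_id INTEGER, caller_id_value TEXT)"
)


def open_db():
    """In-memory SQLite database with the constructed caller_ids table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def save_caller_id_concat(conn, user_id, caller_id_value):
    """Vulnerable pattern: the request value is spliced into the SQL text,
    so quote characters in it alter the statement instead of the data."""
    sql = (
        "INSERT INTO caller_ids (user_id, caller_id_value) "
        "VALUES (%d, '%s')" % (user_id, caller_id_value)
    )
    conn.execute(sql)
    conn.commit()


def save_caller_id_prepared(conn, user_id, caller_id_value):
    """Fixed pattern: '?' placeholders; the value is bound by the driver
    and is never parsed as SQL, whatever characters it contains."""
    conn.execute(
        "INSERT INTO caller_ids (user_id, caller_id_value) VALUES (?, ?)",
        (user_id, caller_id_value),
    )
    conn.commit()


def stored_caller_ids(conn, user_id):
    """Read back what actually landed in the table for one user."""
    rows = conn.execute(
        "SELECT caller_id_value FROM caller_ids WHERE user_id = ?", (user_id,)
    )
    return [row[0] for row in rows]


def compare(caller_id_value, user_id=7):
    """Run both variants on the same input and return, per variant, the
    outcome ('ok' or the SQLite exception class name) and the stored rows."""
    result = {}
    for name, saver in (("concat", save_caller_id_concat),
                        ("prepared", save_caller_id_prepared)):
        conn = open_db()
        try:
            saver(conn, user_id, caller_id_value)
            outcome = "ok"
        except sqlite3.Error as exc:
            outcome = type(exc).__name__
        result[name] = (outcome, stored_caller_ids(conn, user_id))
        conn.close()
    return result


if __name__ == "__main__":
    # Constructed inputs: a plain number and one containing a single quote,
    # the character that ends a string literal in SQL.
    for value in ("+49 6151 1234", "+49 6151 12'34"):
        print(repr(value), compare(value))
```

With the plain number both variants store the value. With the quoted value the concatenated statement is no longer the statement the developer wrote: SQLite rejects it as malformed and nothing is stored, which is the same property that lets crafted input rewrite the query in the vulnerable case. The bound version stores the value verbatim, because the database receives the SQL text and the parameter separately and never has to re-parse the input. The same placeholder mechanism exists in every mainstream driver (JDBC `PreparedStatement`, PDO, psycopg, etc.), so the fix does not depend on the SQLite stand-in used here.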

Timeline

  • 2018-06-06 First published

Credits

The security vulnerabilities were found by Sebastian Puttkammer of usd AG.