header-logo
Suggest Exploit
vendor:
Network Automation
by:
Unknown
9
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Network Automation
Affected Version From: 7.2x
Affected Version To: 9.1
Patch Exists: NO
Related CWE:
CPE: a:hp:network_automation:7.2x
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

HP Network Automation SQL Injection Vulnerability

The HP Network Automation application is prone to an SQL injection vulnerability due to the lack of proper sanitization of user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the necessary security patches provided by HP or upgrade to a non-vulnerable version.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48924/info

HP Network Automation is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, 9.10 are vulnerable. 

http://www.example.com/view.php?id=1'+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9,10,11' 
cqrsecured