{"id":6354,"date":"2017-01-24T14:20:08","date_gmt":"2017-01-24T22:20:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/24\/news-192\/"},"modified":"2017-01-24T14:20:08","modified_gmt":"2017-01-24T22:20:08","slug":"news-192","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/24\/news-192\/","title":{"rendered":"SSD Advisory \u2013 SAP Afaria SQL Injection"},"content":{"rendered":"
\n

Vulnerabilities Summary<\/strong>
The following advisory describes an SQL injection vulnerabilities in the SAP Afaria Service Pack 4 HotFix 15 that can lead to execute arbitrary code.<\/p>\n

Credit<\/strong>
An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n

Vendor Responses<\/strong>
SAP Afaria has released patch to address the vulnerability – SP5<\/p>\n

<\/span><\/p>\n

Vulnerability Details<\/strong>
When Afaria installed on mobile device, the user is given an “enrollment code<\/em>” which is used to identify the relay server. This enrollment code is a URI on tinyurl that redirects to the relay server so that users do not have to type in the https:\/\/FQDN\/path<\/em>.<\/p>\n

The following two HTTP requests can be used to trigger the SQL injection and call the MS SQL Server’s xp_cmdshell<\/em> command and cause the SQL server to execute arbitrary code.<\/p>\n

Command Injection #1<\/p>\n

\t\t<\/p>\n

\n
<\/span> \t\t\t<\/p>\n
\n
\n
<\/div>\n<\/div>\n
\n
<\/div>\n<\/div>\n
\n
<\/div>\n<\/div>\n
\n
<\/div>\n<\/div>\n
\n
<\/div>\n<\/div>\n
\n
<\/div>\n<\/div>\n<\/div>\n<\/div>\n
<\/div>\n