ArmorX Webmail Pre-Auth SQL Injection
Current Description
ArmorX Webmail through 2.0 has a SQL injection vulnerability, allowing execution of arbitrary SQL commands via bkimage parameter without authentication. The SQL commands can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations and companies.
Details
The injection point is bkimage parameter in "logo.php".
It allows remote attackers to execute arbitrary SQL commands via bkimage parameter without authentication.
Remote attackers can gain unauthorized data like user's account and password for login into webmail. When accessing a victim's account, remote attackers can modify the password. Remote attackers also can write arbitrary files like webshell on target system. It compromised the confidentiality, integrity and availability of data and system.
Description
Remote attackers can execute arbitrary SQL commands without authentication.
Affected files
http://[Target Domain]/logo.php
Contributor
- Tony Kuo (CHT Security)
- Hans (CHT Security)