
ArmorX Webmail Pre-Auth SQL Injection

Current Description

ArmorX Webmail through 2.0 has a SQL injection vulnerability that allows execution of arbitrary SQL commands via the bkimage parameter without authentication. The SQL commands can be executed by any user accessing the page. This vulnerability affects many mail systems of governments, organizations and companies.

Details

The injection point is the bkimage parameter in "logo.php".

It allows remote attackers to execute arbitrary SQL commands via the bkimage parameter without authentication.

Remote attackers can obtain unauthorized data, such as users' accounts and passwords for logging in to webmail. When accessing a victim's account, remote attackers can modify the password. Remote attackers can also write arbitrary files, such as a webshell, to the target system. This compromises the confidentiality, integrity and availability of data and the system.

Description

Remote attackers can execute arbitrary SQL commands without authentication.

Affected files

http://[Target Domain]/logo.php
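
For operators reviewing exposure, the following added example (not part of the original advisory and not vendor code) scans web server access logs for requests to logo.php whose bkimage value falls outside an allow-list. It assumes combined log format and assumes that legitimate bkimage values are short file names or ids; the function name, pattern and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate bkimage values are short file names or ids
# (letters, digits, dot, underscore, hyphen). Adjust to the deployment.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Combined log format: client ip, request line, status code.
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})'
)

def suspicious_bkimage(log_lines):
    """Return (client_ip, status, decoded_value) for every request to
    logo.php whose bkimage query value fails the allow-list.
    Only query-string values are visible here; POST bodies are not logged."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/logo.php"):
            continue
        # parse_qs percent-decodes; keep blank values so empty ones are seen.
        values = parse_qs(url.query, keep_blank_values=True).get("bkimage", [])
        for value in values:
            if not SAFE_VALUE.fullmatch(value):
                hits.append((ip, int(status), value))
    return hits

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2020:10:00:00 +0800] "GET /logo.php?bkimage=bg01.jpg HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2020:10:00:05 +0800] "GET /logo.php?bkimage=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Mar/2020:10:00:09 +0800] "GET /index.php?bkimage=1%27 HTTP/1.1" 404 120',
    '203.0.113.4 - - [01/Mar/2020:10:01:00 +0800] "GET /logo.php?bkimage=a%2F*x*%2Fb HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_bkimage(SAMPLE_LOG):
        print(f"{ip} status={status} bkimage={value!r}")
```

Because the page is reachable without authentication, every flagged source address is worth correlating with later logins and password changes on the same host.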

Contributor

  • Tony Kuo (CHT Security)
  • Hans (CHT Security)