CVE-2005-0410
CVSS 5.0
Published: 2005-02-14 00:00:00
Revised: 2008-09-10 15:35:31

[Original] SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.


[CNNVD] CitrusDB importcc SQL injection vulnerability (CNNVD-200502-053)

CitrusDB is a web-based customer relationship and billing management solution.
A SQL injection vulnerability in importcc.php in CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0410
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0410
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-053
(official data source) CNNVD

- Other links and resources

http://www.redteam-pentesting.de/advisories/rt-sa-2005-004.txt
(VENDOR_ADVISORY)  MISC  http://www.redteam-pentesting.de/advisories/rt-sa-2005-004.txt
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031709.html
(UNKNOWN)  FULLDISC  20050214 Advisory: SQL-Injection in CitrusDB

- Vulnerability information

CitrusDB importcc SQL injection vulnerability
Medium risk  SQL injection
2005-02-14 00:00:00 2006-05-12 00:00:00
Remote
CitrusDB is a web-based customer relationship and billing management solution.
A SQL injection vulnerability in importcc.php in CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.

- Advisories and patches

No data available

- Vulnerability information (F36183)

rt-sa-2005-004.txt (PacketStormID:F36183)
2005-02-25 00:00:00
 
advisory,vulnerability,sql injection
CVE-2005-0410

CitrusDB suffers from additional SQL injection vulnerabilities via csv files in version 0.3.6.


                      Advisory: SQL-Injection in CitrusDB

A group of students at our lab called RedTeam found an SQL-Injection  
vulnerability in CitrusDB.

Details
=======

Product: CitrusDB
Affected Version: 0.3.6 (verified), probably <= 0.3.5, too
Immune Version: none
OS affected: all
Security-Risk: low
Remote-Exploit: no
Vendor-URL: http://www.citrusb.org
Vendor-Status: informed
Advisory-URL: http://tsyklon.informatik.rwth-aachen.de/redteam/advisories/rt-sa-2005-004
Advisory-Status: public
CVE: CAN-2005-0410  
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0410#)

Introduction
============

Description from vendor: "CitrusDB is an open source customer database
application that uses PHP and a database backend (currently MySQL) to keep
track of customer information, services, products, billing, and customer
service information."

CitrusDB does not filter special characters (e.g. single quotes) from
uploaded csv files.

More Details
============

In ./citrusdb/tools/importcc.php data from a previously uploaded csv file is
inserted into the mysql database but none of the values is filtered.

Proof of Concept
================

A csv file with content

',,,,,

makes the SQL-Query in ./citrusdb/tools/importcc.php fail.

Workaround
==========

Check csv files manually for single quotes before upload.

Fix
===

n/a

Security Risk
=============

The security risk is rated low because only special users may upload csv
files and with this SQL injection it is only possible to inject data that
could be easier injected directly through csv file.

History
=======

2005-02-04 Email sent to author
2005-02-12 CVE number requested
2005-02-14 posted as CAN-2005-0410

RedTeam
=======

RedTeam is a penetration testing group working at the Laboratory for
Dependable Distributed Systems at RWTH-Aachen University. You can find more
information on the RedTeam Project at
http://tsyklon.informatik.rwth-aachen.de/redteam/

-- 
Maximillian Dornseif, Dipl. Jur., CISSP
Laboratory for Dependable Distributed Systems, RWTH Aachen University
Tel. +49 241 80-21431 - http://md.hudora.de/

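The advisory's proof of concept, demonstrated as an added example that is not CitrusDB's code or the advisory author's: a CSV row whose first field is a lone single quote is run through a string-concatenated INSERT (the pattern the advisory describes in importcc.php) and then through a parameterized INSERT. The table name and column names are assumptions, and SQLite stands in for MySQL.

```python
import csv
import io
import sqlite3

# Constructed CSV input modelled on the advisory's proof of concept:
# the first field is a lone single quote, the remaining five are empty.
POC_CSV = "',,,,,\n"

# Hypothetical table standing in for whatever importcc.php writes to;
# the name and column names are assumptions, not CitrusDB's schema.
SCHEMA = "CREATE TABLE cc_import (f1 TEXT, f2 TEXT, f3 TEXT, f4 TEXT, f5 TEXT, f6 TEXT)"


def parse_rows(csv_text):
    """Split the upload into rows of string fields, as the importer would."""
    return list(csv.reader(io.StringIO(csv_text)))


def import_unfiltered(conn, rows):
    """Vulnerable pattern: each field is quoted and pasted into the SQL text.
    A single quote inside a field closes the literal early, so the query
    breaks (or, with crafted input, changes meaning)."""
    cur = conn.cursor()
    for row in rows:
        values = ",".join("'" + field + "'" for field in row)
        cur.execute("INSERT INTO cc_import VALUES (" + values + ")")
    conn.commit()


def import_parameterized(conn, rows):
    """Fixed pattern: bound parameters; the driver sends the quote as data."""
    cur = conn.cursor()
    cur.executemany("INSERT INTO cc_import VALUES (?,?,?,?,?,?)", rows)
    conn.commit()


def run_import(importer, csv_text=POC_CSV):
    """Import csv_text into a fresh in-memory database.
    Returns ('ok', stored_rows) or ('error', driver_message)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    try:
        importer(conn, parse_rows(csv_text))
    except sqlite3.Error as exc:
        return ("error", str(exc))
    return ("ok", conn.execute("SELECT * FROM cc_import").fetchall())


if __name__ == "__main__":
    print(run_import(import_unfiltered))     # ('error', ...)
    print(run_import(import_parameterized))  # ('ok', [("'", '', '', '', '', '')])
```

On benign input both importers store the same row; only the quote-bearing row separates them, which is why the advisory's workaround (inspecting uploads for single quotes) only papers over the missing parameterization.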

- Vulnerability information

13785
CitrusDB importcc.php CSV File SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-02-13 Unknown
2005-02-13 Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete
