
Hacking Contest: How QNAP Overcame Critical Zero-Day Flaws


One recent event that highlights the relentless pace of this digital arms race is QNAP's swift action to patch a second zero-day vulnerability, this one exploited by security researchers during the recent Pwn2Own hacking contest.

The critical SQL injection (SQLi) flaw, tracked as CVE-2024-50387, was found in QNAP's SMB Service and has been patched in versions 4.15.002 and later and h4.15.002 and later. The fix arrived a week after researcher YingMuo, participating through the DEVCORE Internship Program, exploited the flaw to gain root access to a QNAP TS-464 NAS device at Pwn2Own Ireland 2024.

The Pwn2Own Competition

The Pwn2Own competitions are legendary in cybersecurity circles. These events invite the brightest ethical hackers from around the globe to demonstrate their skills by identifying and exploiting vulnerabilities in widely used software and hardware. The stakes are high, with significant monetary rewards and prestige on the line. The ultimate goal, however, is to strengthen the security of the products we rely on daily by exposing and rectifying their weaknesses.

At the 2024 Pwn2Own Ireland event, a critical vulnerability was uncovered in QNAP's HBS 3 Hybrid Backup Sync software, an essential tool for users seeking to secure their data through backup solutions. This vulnerability, identified as CVE-2024-50388, was an OS command injection flaw that allowed attackers to execute arbitrary commands on the host system. In simpler terms, this flaw could enable unauthorized individuals to gain root access to QNAP NAS devices, a severe security breach.

QNAP's Response

Upon learning of the exploit, QNAP's response was both prompt and thorough. The company's immediate actions underscore the importance of rapid response in cybersecurity. They quickly released a security patch to address the vulnerability, mitigating the risk to their users. This quick turnaround is crucial because the longer a vulnerability remains unaddressed, the greater the potential for malicious exploitation.

The patch not only protects users from potential attacks but also reinforces trust in QNAP's commitment to security. For any company in the tech space, maintaining user confidence is paramount, and QNAP's decisive action in patching the vulnerability goes a long way in assuring their user base.

Vigilance is a Must

This incident with QNAP's HBS 3 software underscores the importance of regular software updates and patches. Users must diligently apply updates to protect their systems against known vulnerabilities, and companies must maintain robust monitoring and response mechanisms to swiftly address any emerging threats.

Events like Pwn2Own stress the value of collaboration between tech companies and the ethical hacking community. By working together, they can identify and fix vulnerabilities before they can be exploited by malicious actors. This proactive approach to cybersecurity is essential in a world where the threat landscape is continually evolving.

Security Experts Detect SQL Injection to Bypass Airport TSA Security Checks

 

Security experts discovered a flaw in a critical air transport security system that could allow unauthorised personnel to bypass airport security screening and gain access to aircraft cockpits.

Researchers Ian Carroll and Sam Curry uncovered the security vulnerability in FlyCASS, a third-party web-based service used by some airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) project that lets pilots and flight attendants bypass security screening, whereas CASS allows authorised pilots to use jump seats in cockpits while flying. 

ARINC, a Collins Aerospace subsidiary, runs the KCM system, which uses an online platform to authenticate airline personnel's credentials. Access is granted without a security screening by scanning a KCM barcode or entering an employee number, which is then cross-checked against the airline's database. Likewise, when pilots need to commute or travel, the CASS system authenticates them for access to the cockpit jumpseat.

The researchers observed that FlyCASS's login mechanism was vulnerable to SQL injection, which lets an attacker inject SQL commands through the login fields so that they become part of the database query. By leveraging this flaw, they could log in as an administrator for a partnering airline, Air Transport International, and change personnel data in the system.

The researchers also created a fictional employee named "Test TestOnly" and gave this account access to KCM and CASS, allowing them to "skip security screening and then access the cockpits of commercial airliners."

"Anyone with basic knowledge of SQL injection could login to this site and add anyone they wanted to KCM and CASS, allowing themselves to both skip security screening and then access the cockpits of commercial airliners," Carroll stated. 

The researchers promptly contacted the Department of Homeland Security (DHS) on April 23, 2024, after recognising the gravity of the situation. The researchers chose not to contact the FlyCASS site directly since it appeared to be managed by a single individual, and they were concerned that the disclosure would alarm them. 

The DHS responded by acknowledging the severity of the vulnerability and confirming that FlyCASS was unplugged from the KCM/CASS system on May 7, 2024, as a preventative step. Soon after, FlyCASS's vulnerability was addressed. However, efforts to organise a safe disclosure of the vulnerability were thwarted when the DHS stopped answering their emails.

The researchers also received a response from the TSA press office denying the gravity of the vulnerability and claiming that the system's vetting procedure would stop unauthorised access. The TSA also discreetly removed information that contradicted its claims from its website after being notified by the researchers.

"After we informed the TSA of this, they deleted the section of their website that mentions manually entering an employee ID, and did not respond to our correction. We have confirmed that the interface used by TSOs still allows manual input of employee IDs," Carroll added.

Guarding Against SQL Injection: Securing Your Cisco Firepower Management Center

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. 

A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

What Is SQL Injection?

SQL injection is a type of security vulnerability that occurs when an attacker manipulates input data to execute arbitrary SQL queries against a database. In the case of Cisco FMC Software, an authenticated attacker can exploit this vulnerability by sending crafted SQL queries to the web-based management interface.
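As an added illustration (not code from the Cisco advisory), here is the same user lookup against an in-memory SQLite table written three ways: a string-built query that an input containing a quote can reshape, the parameterised form, and, going one step beyond the advisory's wording, an allow-list for identifiers such as sort columns, which cannot be bound as parameters. The table, rows and inputs are constructed for the demo.

```python
"""Added example: string-built vs. parameterised SQL, plus identifier
allow-listing. The users table and its rows are constructed for the demo."""
import sqlite3

# Identifiers (column names, date parts, table names) cannot be sent as
# bound parameters, so the only safe option is a fixed allow-list.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def make_db():
    """Create an in-memory database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "admin", "hash-a"),
        ("bob", "readonly", "hash-b"),
    ])
    return conn


def find_user_vulnerable(conn, username):
    """Splices the input into the SQL text: a quote inside the input
    closes the literal and the rest is parsed as SQL, not as data."""
    sql = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Binds the input as a parameter: the driver sends it separately from
    the SQL text, so the whole string is one value whatever it contains."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def list_users_sorted(conn, sort_column):
    """Identifier case: validate against the allow-list, then interpolate."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort_column)
    sql = "SELECT username, role FROM users ORDER BY " + sort_column
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # classic textbook input, quotes included
    print("vulnerable:", find_user_vulnerable(db, probe))   # returns every row
    print("safe:      ", find_user_safe(db, probe))         # returns no rows
    print("sorted:    ", list_users_sorted(db, "role"))
```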

Impact

Successful exploitation of this vulnerability can have severe consequences:

  • Data Extraction: The attacker can retrieve sensitive data from the database, including user credentials, configuration details, and logs.
  • Command Execution: By injecting malicious SQL queries, the attacker can execute arbitrary commands on the underlying operating system.
  • Privilege Escalation: If the attacker gains access to the database, they can potentially elevate their privileges to root.

Mitigation efforts by Cisco

Cisco has published free software upgrades to address the vulnerability mentioned in this advisory. Customers with service contracts that include regular software updates should receive security fixes through their usual update channels.

Customers can only install and receive support for software versions and feature sets for which they have acquired a license.

Cisco has promptly addressed this issue by releasing software updates. Organizations using Cisco FMC Software should take the following steps:

  • Update: Apply the relevant security fixes provided by Cisco. Ensure that your FMC Software is running the latest version.
  • Authentication: Limit access to the FMC interface. Only authorized users should have access, and unnecessary accounts should be disabled.
  • Monitoring: Implement monitoring and intrusion detection systems to detect any suspicious activity related to SQL injection attempts.

Protecting Users Against Bugs: Software Providers' Scalable Attempts

Ransomware assaults, such as the one on Change Healthcare, continue to create serious disruptions. However, they are not inevitable. Software developers can create products that are immune to the most frequent types of cyberattacks used by ransomware gangs. This blog discusses what can be done and encourages customers to demand that software companies take action.

Millions of Americans recently experienced prescription medicine delays or were forced to pay full price as a result of a ransomware assault. While the United States has begun to make headway in reacting to cyberattacks, including the passage of incident reporting requirements into law, it is apparent that much more work remains to be done to combat the ransomware epidemic. 

Ransomware gangs flourish because they usually attack genuinely easy weaknesses in software that serve as the basis for critical operations and services.

Providing scalable solutions: Company duty

Business leaders of software manufacturers hold the key: They can build products that are resilient against the most common classes of cyberattacks by ransomware gangs.

The security community has known how to eliminate classes of vulnerabilities across software for decades. What is needed is not perfectly secure software but "secure enough" software, which software manufacturers are capable of creating.

Systemic classes of defects like SQL injection or insecure default configurations, such as a lack of multi-factor authentication by default or hardcoded default passwords, enable the vast majority of ransomware attacks and are preventable at scale.

The expense of preventing some types of vulnerabilities during the design stage is substantially less than dealing with the complex aftermath of a breach. 

Google recently reported that it has nearly eliminated many common classes of vulnerabilities in its products, such as SQL injection and cross-site scripting. Google also says that these tactics were cost-effective and, in some cases, ultimately saved money by removing the ongoing burden of dealing with those bugs.

Fighting lack of action

Inaction is exactly what has occurred in the software business. The Biden administration's National Cybersecurity Strategy asks for a shift in this direction, with software manufacturers accepting responsibility for product security from the start.

For example, whereas conventional vulnerability assessment approaches take a sequential path of identifying and patching vulnerabilities one by one, the agency's SQL injection alert urges software manufacturers' executives to lead codebase reviews and eliminate all potentially unsafe functions, preventing SQL injection at the source.

How to identify bugs

Software vendors may assess vulnerability classes on two levels: impact, or the degree of damage that can be done by that class of vulnerability, and the cost of avoiding that flaw at scale.

SQL injection vulnerabilities are likely to be high in impact but inexpensive in cost to eliminate, whereas memory-safety issues have extremely high impact but need large investments to rewrite codebases systematically. Businesses can create a priority list of the most cost-effective tasks for fixing specific types of flaws in their products.

Customer's role: What can you do?

Companies should ask how their vendors attempt to remove entire classes of threats, such as implementing phishing-resistant multi-factor authentication and developing a memory-safe plan to address the most prevalent type of software vulnerability.

It is feasible to make future ransomware attacks far more difficult to carry out. It is high time for software businesses to make this possibility a reality and safeguard Americans by building security in from the beginning. Customers should insist that they do this.

PrestaShop Sites Hit by Severe Security Flaw

 


Hackers are using a blend of known and undiscovered security flaws to insert malicious software into e-commerce websites running the PrestaShop platform, according to an urgent advisory from PrestaShop. There are currently 300,000 stores using PrestaShop, which is available in 60 different languages.

Operation objective:

Attackers target stores running out-of-date software or modules, vulnerable third-party modules, or a vulnerability that has not yet been identified. The store must be vulnerable to SQL injection for the attack to succeed. PrestaShop versions 1.6.0.10 and later and 1.7.8.2 and later that run modules susceptible to SQL injection are also affected.

The recurring method is described in the PrestaShop security bulletin as follows:
  • The attacker sends a POST request to an endpoint vulnerable to SQL injection.
  • Around a second later, the attacker sends a GET request to the homepage without any parameters.
  • This triggers the creation of a PHP file named blm.php at the root of the shop's directory.
  • The attacker then sends a GET request to the newly created file, blm.php, which lets them execute any command.
The hackers likely exploited this web shell to insert a scam payment form on the store's checkout page and steal payment card information from customers. To keep the site owner from learning that they had been compromised, the remote threat actors erased their trails after the attack.
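The request sequence in the bulletin leaves a recognisable trace in web server access logs. The following is an added example, not code from PrestaShop or the bulletin: it parses combined-format log lines (constructed here for the demo; the vulnerable module path is a placeholder) and flags any client that requested blm.php, or that issued a POST, a bare GET for the homepage within a few seconds, and then a GET for blm.php.

```python
"""Added example: hunt for the PrestaShop attack sequence in access logs.
The log lines are constructed; /modules/EXAMPLE_MODULE/ajax.php stands in
for whatever SQL-injectable endpoint was actually hit."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2022:10:15:01 +0000] "POST /modules/EXAMPLE_MODULE/ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2022:10:15:02 +0000] "GET / HTTP/1.1" 200 41233 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jul/2022:10:15:03 +0000] "GET /blm.php HTTP/1.1" 200 77 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jul/2022:10:16:10 +0000] "GET /index.php?id_product=3 HTTP/1.1" 200 30120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jul/2022:10:16:12 +0000] "POST /index.php?controller=cart HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jul/2022:10:16:13 +0000] "GET / HTTP/1.1" 200 41233 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: client, timestamp, request line, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
WEBSHELL = "/blm.php"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def is_webshell(path):
    """Compare the path without its query string against the dropped file."""
    return path.split("?", 1)[0] == WEBSHELL


def detect(lines, window=timedelta(seconds=3)):
    """Return a list of (client_ip, reason) findings.

    Finding 1: any request for the web shell path, whatever preceded it.
    Finding 2: the bulletin's sequence from one client: a POST, a bare GET /
    no more than `window` later, then a GET for the web shell."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        if any(is_webshell(r["path"]) for r in recs):
            findings.append((ip, "request for web shell " + WEBSHELL))
        for i, post in enumerate(recs):
            if post["method"] != "POST":
                continue
            home = next((k for k in range(i + 1, len(recs))
                         if recs[k]["method"] == "GET" and recs[k]["path"] == "/"
                         and recs[k]["ts"] - post["ts"] <= window), None)
            if home is None:
                continue
            if any(r["method"] == "GET" and is_webshell(r["path"])
                   for r in recs[home + 1:]):
                findings.append((ip, "POST %s, then GET /, then GET %s"
                                 % (post["path"], WEBSHELL)))
                break   # one sequence report per client is enough
    return findings


if __name__ == "__main__":
    for ip, reason in detect(SAMPLE_LOG.splitlines()):
        print(ip, reason)
```

Only the first client trips both checks; the second client's ordinary POST-then-homepage browsing is not reported because no request for blm.php follows it.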

Security measures 

Ensure that the site is updated to the most recent version, as well as all of its modules. Site administrators may find clues that they were compromised in the web server's access logs, provided the attackers were not careful when cleaning up the evidence.

The addition of malicious software to files through file modifications and the activation of the MySQL Smarty cache storage, which is a component of the attack chain, are additional indications of compromise.

Because of the exploit's intricacy, there are various techniques to use it, and hackers might also try to cover their traces. To ensure that no file has been edited or malicious software has been installed, think about hiring a professional to conduct a thorough audit of the website.



SonicWall: Patch Critical SQL Injection Flaw Immediately

 

SonicWall, a security firm, issued patches to fix a severe SQL injection (SQLi) vulnerability in its Analytics On-Prem and Global Management System (GMS) products.

The flaw is tracked as CVE-2022-22280 and carries a CVSS score of 9.4.

“Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem.” reads the advisory published by the company. 

According to SonicWall, adding a Web Application Firewall that can identify and stop SQLi attacks considerably lowers the risk of exploitation. H4lo and Catalpa of DBappSecurity HAT Lab identified the issue. The fixed software versions are:
Product and fixed version:
  • GMS: 9.3.1-SP2-Hotfix-2
  • Analytics: 2.5.0.3-2520-Hotfix1
Organizations are advised to upgrade to the above versions as soon as possible.

“There is no workaround available for this vulnerability,” SonicWall said. “However, the likelihood of exploitation may be significantly reduced by incorporating a Web Application Firewall (WAF) to block SQLi attempts.”

A SQL Injection bug Hits the Django web Framework

 

A serious vulnerability has been addressed in the most recent versions of the open-source Django web framework. 

Updates decrease the risk of SQL Injection

Developers are advised to update or patch their Django instances as soon as possible, now that the Django team has issued versions Django 4.0.6 and Django 3.2.14 to fix a high-severity SQL injection vulnerability.

Malicious actors may exploit the vulnerability, CVE-2022-34265, by passing particular inputs to the Trunc and Extract methods.

The issue lies in the Trunc() and Extract() database functions and can be exploited if untrusted data is used as the kind or lookup name value, according to the researchers. The risk of exploitation can be reduced by sanitizing the input passed to these functions.

Bugfixes 

Django's main branch and the 4.1, 4.0, and 3.2 release branches have all received patches to fix the problem. 

"This security update eliminates the problem, but we've found enhancements to the Database API methods for date extract and truncate that should be added to Django 4.1 before its official release. Django 4.1 release candidate 1 or newer third-party database backends will be affected by this until they can be updated to the new API. We apologize for the trouble," the Django team stated.

Open Source Software Vulnerabilities Leads to RCE

 

Various vulnerabilities in the open-source video platforms YouPHPTube and AVideo could be used to achieve remote code execution (RCE) on a user's device. It can take an average of more than four years for vulnerabilities in open-source software to be detected, an area the security community needs to address, researchers say. Experts from Synacktiv found several vulnerabilities in the source code shared by the two projects, caused by an absence of user input sanitization, a related write-up reads. The issues include an unauthenticated SQL injection vulnerability, multiple cross-site scripting (XSS) flaws, and a file write vulnerability.

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (for example, to dump the database contents to the attacker).

SQL injection exploits a security vulnerability in an application's software. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or otherwise make it unavailable, and become administrators of the database server.

Numerous reflected XSS vulnerabilities could be used to steal administrators' session cookies and perform actions as an administrator. A file write flaw could allow an administrator to execute malicious code on the server.

Synacktiv said there is no official workaround right now, but added that users should properly sanitize the $catName input before it is used in SQL queries to avoid SQL injection. "Removing simple quotes is not a sufficient process," the researchers added. The vulnerabilities affect AVideo versions 10.0 and below and YouPHPTube versions 7.8 and below.

The open-source community now plays a critical part in the development of software, but, as in any other industry, vulnerabilities will exist. GitHub says that project developers, maintainers, and users should check their dependencies for vulnerabilities regularly and should consider implementing automated alerts so that security issues can be remedied more quickly and efficiently.

"Open source is critical infrastructure, and we should all contribute to the security of open-source software," GitHub added. "Using automated alerting and patching tools to secure software quickly means attack surfaces are evolving, making it harder for attackers to exploit."

SAP Issued Warning and Updates Regarding the Serious Flaws with the Code Injection

 

SAP (Systems, Applications and Products in Data Processing) is a German multinational software corporation known for developing software that manages business operations and customer relations. SAP is the name of both the software and the company behind it. SAP provides "future-proof Cloud ERP (Enterprise Resource Planning) solutions that will power the next generation of business." With its advanced capabilities, SAP can boost an organization's efficiency and productivity by automating repetitive tasks and making better use of time, money, and resources.

SAP published 14 new Security Notes on its December 2020 Patch Day. In January 2021 it published another set of 7 new Security Notes, later providing updates to them as well. Five of the seven carry the highest severity rating, Hot News. Later in the month, SAP published 10 advisories documenting flaws and fixes for a range of serious security vulnerabilities. Among the reported vulnerabilities, the most important issue bears a CVSS score of 9.9 and affects SAP Business Warehouse.

The very first note addressed CVE-2021-21465, which SAP describes as multiple issues in the Database Interface. These bugs are an SQL injection combined with a missing authorization check, which should have featured a CVSS score of 6.5. SQL injection is a code injection technique that can, at times, destroy the database, and it is one of the most common hacking techniques. According to Onapsis, a firm that secures Oracle and SAP applications, the missing authorization checks could easily be exploited to read any table of the database.

Noting that only minimum privileges are required for successful exploitation, Onapsis wrote in a blog post: "An improper sanitization of provided SQL commands allowed an attacker to execute arbitrary SQL commands on the database which could lead to a full compromise of the affected system." SAP decided to fix the bugs by disabling the function module and applying patches, which results in all applications that call this function module being abandoned.

Another serious issue is a code injection flaw in both Business Warehouse and BW/4HANA, tracked as CVE-2021-21466. This issue results from insufficient input validation. Such flaws can be abused to inject malicious code that is stored persistently as a report, potentially affecting the confidentiality, integrity, and availability of systems. The remaining three of the five updates are fixes for programs released in 2018 and 2020.

Further, SAP warned of "an issue in the binding process of the Central Order service to a Cloud Foundry application" that could have allowed "unauthorized SAP employees to access the binding credentials of the service".

Bell Canada website hacked with POST-based SQL Injection vulnerability

A few days ago, Nullcrew hackers broke into a Bell Canada website and leaked thousands of customer records.

Bell Canada confirmed on Sunday that 22,421 usernames and passwords and five valid credit card numbers have been leaked by hackers. However, the organization points the finger at a third party, saying the leak "results from illegal hacking of an Ottawa-based third-party supplier's information technology system".

Bell claims its own network wasn't affected by this breach. Bell has disabled all affected passwords and is notifying all affected users. They are currently working with law enforcement and government security officials to investigate the matter.

In response to Bell's claim, the hackers said on their Twitter account: "Quite a laughable claim, Bell actually knows of the breach, they knew the vulnerable section of the website for two weeks."

The screenshot provided to DataBreaches shows that the hackers had a chat with Bell Support team.

Nullcrew chatting with Bell support team

The hackers said a POST-based SQL injection vulnerability resides in the password recovery page of a Bell sub-domain (https://protectionmanagement.bell.ca/passwordrecovery_1.asp).

Post-based SQL Injection in Bell Canada