TGTGInsighttelegram intelligenceLIVE / telegram public index
← 显齋Oracle-网络安全/web渗透
查看原帖
显齋Oracle-网络安全/web渗透 avatar

TGINSIGHT POST

Post #35

@Oracleimpacts

显齋Oracle-网络安全/web渗透

Views1,690帖子阅读量
发布5月24日2023/05/24 03:01
Post content

帖子内容

漏洞氵 Adam Mobilmen终端软件特殊元素的不正确过滤SQL注入漏洞(CVE-2023-1508) 披露时间 北京时间2023-05-24凌晨六点左右,CVSS评分9.8(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) JSON: {"dataType":"CVE_RECORD","dataVersion":"5.0","cveMetadata":{"cveId":"CVE-2023-1508","assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","state":"PUBLISHED","assignerShortName":"TR-CERT","dateReserved":"2023-03-20T08:10:52.189Z","datePublished":"2023-05-23T20:00:41.023Z","dateUpdated":"2023-05-23T20:00:41.023Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Mobilmen Terminal Software","vendor":"Adam Retail Automation Systems","versions":[{"lessThan":"3","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Omer Fatih YEGIN"}],"datePublic":"2023-05-23T20:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.<p>This issue affects Mobilmen Terminal Software: before 3.</p>"}],"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.This issue affects Mobilmen Terminal Software: before 3.\n\n"}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT","dateUpdated":"2023-05-23T20:00:41.023Z"},"references":[{"tags":["government-resource"],"url":"https://www.usom.gov.tr/bildirim/tr-23-0284"}],"source":{"advisory":"TR-23-0284","defect":["TR-23-0284"],"discovery":"EXTERNAL"},"title":"SQLi in AdamPOS's Mobilmen Terminal Software","x_generator":{"engine":"Vulnogram 0.1.0-dev"}}}} 影响版本 Mobilmen移动端从6.0之前的5.0全部版本均受影响(但不包括6.0) poc 在公开频道里白嫖这种漏洞的poc你想屁吃呢😅