|Main Archive Page > Month Archives > full-disclosure-uk archives|
nGenuity Information Services -- Security Advisory Advisory ID: NGENUITY-2010-001 - Zenoss getJSONEventsInfo SQL Injection Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin (firstname.lastname@example.org) Authentication: Valid user or admin session required I. BACKGROUND "Zenoss Core is an award-winning open source IT monitoring product that effectively manages the configuration, health and performance of networks, servers and applications through a single, integrated software package." 
getJSONEventsInfo contains multiple SQL Injection vulnerabilities due to improperly sanitized user provided input. The following URL parameters are injectable: severity, state, filter, offset, and count.
Authentication as an admin or regular user is required for successful exploitation.
A proof of concept request might look like this
offset=0&count=60 into outfile "/tmp/z"
 - http://www.zenoss.com
 - http://cwe.mitre.org/data/definitions/89.html
IV. VENDOR COMMUNICATION 3.10.2009 - Vulnerability Discovery 8.21.2009 - Requested status from vendor 9.29.2009 - Vendor call (Fix pending)
Copyright (c) 2009 nGenuity Information Services, LLC