Multiple vulnerabilities in Smartphone Pentest Framework

Posted: November 15, 2012 in Vulnerabilities
Vulnerability: Multiple vulnerabilities in Smartphone Pentest Framework (SPF)

Danger: High
Number of vulnerabilities: 5
CVE ID:

– CVE-2012-5697;
– CVE-2012-5694;
– CVE-2012-5693;
– CVE-2012-5695;
– CVE-2012-5696.

Attack vector: Local Network (LAN)
Impact: Cross Site Scripting, Unauthorized manipulation of data, Elevation of Privilege, Security Bypass, System compromise

Affected Products: Smartphone Pentest Framework (SPF) 1.x

Affected versions: Smartphone Pentest Framework (SPF) 1.0

Description:

The vulnerabilities can be exploited by malicious people to disclose sensitive information, perform CSRF attacks, execute arbitrary SQL commands in the application database, and potentially compromise a vulnerable system.

1. The vulnerability is due to insecure permissions on application files. A local user can overwrite arbitrary application files and elevate privileges.

2. The vulnerability is caused by insufficient input validation in various scripts in the “/frameworkgui/” directory. This can be exploited to execute arbitrary SQL commands in the application database.

3. The vulnerability is caused by insufficient input validation before calling system() in the scripts remoteAttack.pl, CSAttack.pl, SEAttack.pl, attach2agents.pl, attachMobileModem.pl and guessPassword.pl. This can be exploited via a specially crafted HTTP request to execute arbitrary commands on the system.

4. The vulnerability is caused by the lack of authentication of HTTP requests when certain actions are performed. A remote user can perform a CSRF attack, take full control of the application and potentially execute arbitrary code.

5. The vulnerability is caused by insufficient access restrictions on the file /frameworkgui/config. A remote user can access the file directly and obtain potentially sensitive information (for example, the credentials used to connect to the application database).
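
For item 3, an added example (not code from SPF or from the advisory) of the defect class and its fix in Perl: request values are checked against an allow-list and handed to system() in list form, so no shell ever parses them. The parameter names, the patterns and the /bin/echo stand-in are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; not SPF code. Parameter names and the tool path are assumptions.
use strict;
use warnings;

my $TOOL = '/bin/echo';    # stand-in for the external program a CGI script would launch

# Defect class from item 3: request data interpolated into a single string,
# which Perl hands to /bin/sh for parsing:
#     system("$TOOL $number $path");

# Allow-list validation: accept only the exact shape expected, anchored with \A and \z.
sub valid_number {
    my ($v) = @_;
    return defined $v && $v =~ /\A(\+?[0-9]{3,15})\z/ ? $1 : undef;
}

sub valid_path {
    my ($v) = @_;
    return defined $v && $v =~ m{\A(/[A-Za-z0-9_-]{1,64})\z} ? $1 : undef;
}

# Returns (1, 'ok') on success, (0, reason) otherwise.
sub run_tool {
    my ($number, $path) = @_;
    my $n = valid_number($number);
    my $p = valid_path($path);
    return (0, 'rejected: number') unless defined $n;
    return (0, 'rejected: path')   unless defined $p;

    # List form with separate arguments: the program is executed directly, no shell involved.
    my $rc = system($TOOL, $n, $p);
    return $rc == 0 ? (1, 'ok') : (0, "tool failed (status $rc)");
}

# Constructed inputs: one well-formed, two containing characters outside the allow-list.
my @samples = (
    [ '+15555550100', '/agent01' ],
    [ '5550100;ls',   '/agent01' ],
    [ '+15555550100', '/agent 01|x' ],
);
for my $s (@samples) {
    my ($ok, $why) = run_tool(@$s);
    printf "%-14s %-12s => %s\n", $s->[0], $s->[1], $ok ? 'executed' : $why;
}
```

Running CGI scripts under Perl's taint mode (`perl -T`) adds a second layer: Perl then refuses to pass request-derived data to system() unless it has first been extracted through a pattern match like the ones above.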

Manufacturer URL: www.bulbsecurity.com/smartphone-pentest-framework/

Links:
https://www.htbridge.com/advisory/HTB23123
