+----------------------------------+
+ Netsweeper 4.0.4 - SQL Injection +
+----------------------------------+
Affected Product: Netsweeper
Vendor Homepage : www.netsweeper.com
Version : 4.0.4 (and probably other versions)
Discovered by : Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
Patched : Yes
CVE : CVE-2014-9612
+---------------------+
+ Product Description +
+---------------------+
Netsweeper is a software solution specialized in content filtering.
+----------------------+
+ Exploitation Details +
+----------------------+
Once specific parameter in Netsweeper 3.0.6, 4.0.3 and 4.0.4 (and probably other versions) was identified being vulnerable to SQL injection attacks.
Condition: The exploitation can be performed by any non-authenticated user with access to the vulnerable pages (usually from everyone).
Vulnerable Page: http://netsweeper:8080/remotereporter/load_logfiles.php?server=<SQLi>&url=a
Vulnerable GET Parameter: server
+----------+
+ Solution +
+----------+
Upgrade to latest version.
+---------------------+
+ Disclosure Timeline +
+---------------------+
24-Nov-2014: Initial Communication
03-Dec-2014: Netsweeper responded
03-Dec-2014: Shared full details to replicate the issue
10-Dec-2014: Netsweeper fixed the issue in releases 3.1.10, 4.0.9, 4.1.2
17-Dec-2014: New releases 3.1.10, 4.0.9, 4.1.2 made available to the public
18-Dec-2014: Confirm fix
17-Jan-2015: CVE assigned CVE-2014-9612
11-Aug-2015: Public disclosure
