A critical vulnerability, tracked as CVE-2024-10947, has been reported in the Interlib Library Cluster Automation Management System developed by Guangzhou Tuchuang Computer Software Development. Versions up to 2.0.1 are affected. The flaw is an SQL injection that can be triggered remotely by manipulating the 'bookrecno' argument of the '/interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl' endpoint.

Disclosure

The details of this exploit have been made public, so users should take immediate action to secure their systems. The vendor (Guangzhou Tuchuang Computer Software Development) was informed about the vulnerability at an early stage but has not responded or provided a fix.

Exploit Details

The vulnerability is caused by insufficient input validation in the code that processes the 'bookrecno' parameter: the value is used in a database query without being checked or bound as a parameter, so an attacker can inject SQL into the backend database by sending a crafted request to the vulnerable endpoint. The request below shows the shape of such an attack; the bracketed placeholder stands for the attacker-supplied SQL:

GET /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl&bookrecno=[SQL Injection Payload] HTTP/1.1
Host: target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Accept: */*
Referer: http://target/interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl

An attacker who exploits this vulnerability can run attacker-controlled SQL against the application's database, which can lead to data leakage, unauthorized access, and, depending on the privileges of the database account the application uses, wider system compromise.
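To make the mechanism concrete, here is an added example that is not Interlib's code: the tables, column names and queries are hypothetical, and the database is an in-memory SQLite instance. It reproduces the vulnerable pattern (a numeric 'bookrecno' parameter concatenated straight into a query) beside the hardened form that validates the value and binds it as a parameter.

```python
import sqlite3


# Constructed demo database: hypothetical tables, NOT Interlib's real schema.
def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (bookrecno INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [(1001, "Introduction to Algorithms"), (1002, "Operating Systems")],
    )
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "hunter2"), (2, "librarian", "Passw0rd!")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, bookrecno):
    """Vulnerable pattern: the request parameter is spliced into the SQL text.

    Whatever the client sends after 'bookrecno=' becomes part of the statement,
    so '0 UNION SELECT username, password FROM users' reads a different table
    and '1001 OR 1=1' returns every order.
    """
    sql = "SELECT bookrecno, title FROM orders WHERE bookrecno = " + bookrecno
    return conn.execute(sql).fetchall()


def is_valid_bookrecno(value):
    """A record number is a plain positive integer; anything else is rejected."""
    return value.isdigit()


def safe_lookup(conn, bookrecno):
    """Hardened form: validate the type, then bind the value as a parameter.

    The driver sends the value separately from the statement text, so it can
    never change the query structure, even if the validation were relaxed.
    """
    if not is_valid_bookrecno(bookrecno):
        raise ValueError("bookrecno must be a positive integer")
    return conn.execute(
        "SELECT bookrecno, title FROM orders WHERE bookrecno = ?",
        (int(bookrecno),),
    ).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    print(vulnerable_lookup(db, "0 UNION SELECT username, password FROM users"))
    print(vulnerable_lookup(db, "1001 OR 1=1"))
    print(safe_lookup(db, "1001"))
```

The two defences are independent: the integer check alone stops this injection, and the bound parameter alone stops it as well. Keeping both means a later change to the validation (for example, allowing a list of record numbers) does not silently reopen the hole.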

Original References

The vulnerability was initially published on the Vulnerability Lab website, which carries an analysis of the flaw along with proof-of-concept exploit code. The CVE Details website also has an entry for it.

Mitigation

While the vendor has not acknowledged or addressed this issue, users of the Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System should take steps to secure their systems. Recommended actions:

1. Set up intrusion detection and prevention systems to monitor and block suspicious activity. Requests to the '/interlib/order/BatchOrder' endpoint whose 'bookrecno' value is not a plain record number (quotes, SQL keywords such as UNION or SELECT, comment sequences) are the signal to alert on.

2. Limit user access based on the principle of least privilege, allowing only necessary access to authorized personnel. The same applies to the database account the application uses: it should hold no rights beyond what the application needs, which limits what an injected query can read or change.
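As an added example of the monitoring step above, not taken from the original advisory, the following scans web-server access-log lines for requests to the affected BatchOrder endpoint whose 'bookrecno' value is not a plain integer and labels the SQL marker it finds. The log lines are constructed in Apache combined format, the IP addresses are from documentation ranges, and the assumption that a legitimate 'bookrecno' is always numeric follows from the parameter's name rather than from anything the advisory states.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The endpoint named in the advisory.
TARGET_PATH = "/interlib/order/BatchOrder"

# Common SQL-injection markers; used only to label a hit, not to decide it.
SQLI_MARKERS = re.compile(
    r"(union\s+select|\bor\b\s*\d+\s*=\s*\d+|sleep\s*\(|benchmark\s*\(|--|/\*|;)",
    re.IGNORECASE,
)


def inspect_bookrecno(value):
    """Return a reason string if the value looks hostile, else None.

    Assumption: a real record number is a plain integer, so anything else is
    worth an alert even when no known SQL keyword appears in it.
    """
    if value.strip().isdigit():
        return None
    m = SQLI_MARKERS.search(value)
    return f"SQL marker {m.group(0)!r}" if m else "non-numeric bookrecno"


def scan_log(lines):
    """Yield one finding per suspicious bookrecno sent to the BatchOrder endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        parts = urlsplit(m["target"])
        if parts.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes, so encoded payloads are inspected in clear.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("bookrecno", []):
            reason = inspect_bookrecno(value)
            if reason:
                findings.append({
                    "ip": m["ip"],
                    "time": m["ts"],
                    "status": m["status"],
                    "bookrecno": value,
                    "reason": reason,
                })
    return findings


def summarize(findings):
    """Count findings per source address, the usual pivot for blocking."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


# Constructed sample log lines (not real traffic); the second and third carry
# injection attempts, the fourth hits an unrelated path and must be ignored.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Nov/2024:04:15:03 +0000] "GET /interlib/order/BatchOrder'
    '?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl&bookrecno=1001 HTTP/1.1" '
    '200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Nov/2024:04:16:11 +0000] "GET /interlib/order/BatchOrder'
    '?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl&bookrecno=1001%20UNION%20'
    'SELECT%20username,password%20FROM%20users HTTP/1.1" 200 8870 "-" "sqlmap/1.8"',
    '198.51.100.7 - - [07/Nov/2024:04:16:12 +0000] "GET /interlib/order/BatchOrder'
    '?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl&bookrecno=1001%27%20AND%20'
    'SLEEP(5)--%20- HTTP/1.1" 200 5123 "-" "sqlmap/1.8"',
    '192.0.2.9 - - [07/Nov/2024:04:17:00 +0000] "GET /index.html?bookrecno=1%20OR%201=1'
    ' HTTP/1.1" 200 321 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(summarize(hits))
```

Against real logs, call scan_log(open(path)) and feed the summary to whatever blocks at the edge. Because the decision is "non-numeric", not "matches a keyword list", obfuscated payloads are still caught; the marker label is there to tell a blind or time-based probe from a UNION read when triaging.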

Conclusion

The critical SQL injection vulnerability (CVE-2024-10947) in the Interlib Library Cluster Automation Management System puts users at significant risk. Organizations running it should act now: apply the measures above and watch for signs of exploitation. The lack of a vendor response underlines the need to be proactive in securing and maintaining the software in use.

Timeline

Published on: 11/07/2024 04:15:03 UTC
Last modified on: 12/11/2024 19:58:55 UTC