Key Vulnerability Information

Vulnerability Title: SOCA Access Control System 180612 SQL Injection And Authentication Bypass

Advisory ID: ZSL-2019-5519

Type: Local/Remote

Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: 5/5

Release Date: 13.05.2019

Vulnerability Description

The SOCA web access control system suffers from multiple SQL Injection vulnerabilities. Input passed via multiple POST parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries and bypass the authentication mechanism. It allows the attacker to remotely disclose password hashes and log in with an MD5 hash with the highest privileges, resulting in unlocking doors and bypassing the physical access control in place.

Vendor

SOCA Technology Co., Ltd - http://www.socatech.com

Affected Versions

180612
170000
141007

Tested On

Windows NT 6.1 build 7601 (Windows 7 Service Pack 1) i586
Windows NT 6.2 build 9200 (Windows Server 2012 Standard Edition) i586
Apache/2.2.22 (Win32)
PHP/5.4.13

Vendor Status

N/A

Proof of Concept (PoC)

soga_sqlinj.txt

Credits

Vulnerability discovered by Gjoko Krstic -

References

1.
2.
3.
4.

Changelog

[13.05.2019] - Initial release
[15.05.2019] - Added reference [4]

Contact

Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
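
The two weaknesses named in the description (request input used in SQL queries, and login with a disclosed MD5 hash) shown beside a hardened form, as an added example; this is not the advisory's PoC or SOCA's code. The SQLite schema, the `admin` account, the function names and the way the weak login accepts a stored hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def kdf(password, salt):
    # Salted, slow hash: a value read out of the table is not a usable credential.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    # Constructed sample data; schema and account are assumptions, not SOCA's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, md5 TEXT, salt BLOB, pbkdf2 BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("admin", hashlib.md5(b"s3cret").hexdigest(), salt, kdf("s3cret", salt)))
    return db

def login_weak(db, user, pw):
    # Flaw 1: request values are pasted into the SQL text.
    # Flaw 2 (assumed model): the stored MD5 itself is accepted as the credential.
    digest = hashlib.md5(pw.encode()).hexdigest()
    query = ("SELECT name FROM users WHERE name = '" + user + "' "
             "AND (md5 = '" + digest + "' OR md5 = '" + pw + "')")
    return db.execute(query).fetchone() is not None

def login_hardened(db, user, pw):
    # Bound parameter: the user name is data and never changes the query shape.
    row = db.execute("SELECT salt, pbkdf2 FROM users WHERE name = ?", (user,)).fetchone()
    if row is None:
        return False
    # The server recomputes the hash from the submitted password, compared in constant time.
    return hmac.compare_digest(kdf(pw, row[0]), row[1])

def demo():
    db = make_db()
    leaked = hashlib.md5(b"s3cret").hexdigest()  # what a hash disclosure would reveal
    cases = {"password": ("admin", "s3cret"),
             "quote_in_name": ("admin' --", "x"),
             "leaked_hash": ("admin", leaked)}
    return {k: (login_weak(db, u, p), login_hardened(db, u, p))
            for k, (u, p) in cases.items()}

if __name__ == "__main__":
    for case, (weak, hardened) in demo().items():
        print(f"{case}: weak={weak} hardened={hardened}")
```

Only the correct password passes the hardened check; the quoted user name and the disclosed hash are both rejected because neither can alter the query nor stand in for the password.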