Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2024-30923: SQL Injection in DerbyNet v9.0 via print/render/racer.inc

Related Vulnerabilities: CVE-2024-30923  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="8"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#9">By Date</a>
<a href="10"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="8"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#9">By Thread</a>
<a href="10"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">CVE-2024-30923: SQL Injection in DerbyNet v9.0 via	print/render/racer.inc</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Valentin Lobstein via Fulldisclosure &lt;fulldisclosure () seclists org&gt;


<em>Date</em>: Wed, 03 Apr 2024 18:38:21 +0000


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">CVE ID: CVE-2024-30923

Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the 
`print/render/racer.inc` component. This vulnerability allows remote attackers to execute arbitrary code and disclose 
sensitive information by exploiting improper sanitization of the `where` clause in Racer Document Rendering.

Vulnerability Type: SQL Injection

Vendor of Product: DerbyNet - Available on GitHub: <a rel="nofollow" href="https://github.com/jeffpiazza/derbynet">https://github.com/jeffpiazza/derbynet</a>

Affected Product Code Base: DerbyNet - v9.0

Affected Component: print/render/racer.inc

Attack Type: Remote

Impact:
- Code execution: True
- Information Disclosure: True

Attack Vectors:
The vulnerability is present in the `print/render/racer.inc` component of DerbyNet, due to insufficient sanitization of 
the `where` parameter within the URL. Attackers can manipulate SQL queries by injecting malicious SQL commands through 
the `where` parameter, as demonstrated in the following URL:
- `<a rel="nofollow" href="http://127.0.0.1:8000/render-document.php/award/GoldCupAwardDocument?where=1`">http://127.0.0.1:8000/render-document.php/award/GoldCupAwardDocument?where=1`</a>

This manipulation could lead to unauthorized access to database information and potential code execution on the server 
hosting the application.

Discoverer: Valentin Lobstein

References:
- Official website: <a rel="nofollow" href="http://derbynet.com">http://derbynet.com</a>
- Source code on GitHub: <a rel="nofollow" href="https://github.com/jeffpiazza/derbynet">https://github.com/jeffpiazza/derbynet</a>
_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="https://seclists.org/fulldisclosure/">https://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="8"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#9">By Date</a>
<a href="10"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="8"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#9">By Thread</a>
<a href="10"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>CVE-2024-30923: SQL Injection in DerbyNet v9.0 via	print/render/racer.inc</strong> <em>Valentin Lobstein via Fulldisclosure (Apr 05)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started