Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-1132

Publish Date: 24 May 2018

Source

                							

                # Exploit Title: OpenDaylight SQL Injection
# Date: 2018-05-24
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com 
# Vendor Homepage: https://www.opendaylight.org 
# CVE: CVE-2018-1132
 
 
intro:
OpenDaylight (ODL) is a modular open platform for customizing and automating networks of any size and scale. The OpenDaylight Project arose out of the SDN movement, with a clear focus on network programmability. It was designed from the outset as a foundation for commercial solutions that address a variety of use cases in existing network environments.
 
attackers can SQL inject the component's database(SQLite)  without authenticating to the controller or SDNInterfaceapp.
 
The bug is in /impl/src/main/java/org/opendaylight/sdninterfaceapp/impl/database/SdniDataBase.java (line 373~391)
 
The SDNI concats port information to build an insert SQL query, and it executes the query in SQLite.
However, in line 386, the portName is a string that can be customized by switches. Since SQLite supports multiple sql queries in one run,
attackers can customize the port name to inject another SQL if they compromise or forge a switch.
  
POC:
For example, he can set portName as:
");drop table NAME;//


<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

OpenDaylight SQL Injection

Vulmon Search

About

Products

Connect