CVE-2012-5694 Information
Description
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/.
Reference
http://osvdb.org/87324
http://osvdb.org/87325
http://secunia.com/advisories/51414
https://twitter.com/georgiaweidman/statuses/269138431567855618
https://www.htbridge.com/advisory/HTB23123