HELLFIRE
MVM
join:2009-11-25

7 recommendations

HIBP breach report email pwned HD ticketing system

»fyr.io/2020/05/30/haveib ··· jection/
quote:
Around late April we upgraded from an ancient version to the latest of GLPI – 9.4.5. All was well until we received an email from haveibeenpwned to our helpdesk support address, which automatically got logged as a support ticket. This email alerted us to some compromised accounts on our domain which were included in the latest Wishbone data dump. I rushed to get the HIBP report generated to see whose data on our domain had been compromised by clicking a link in this email-turned-support-ticket. We got the report in a second email, which created a second ticket. I grabbed the data, deleted the second ticket (as we still had the original open) and perused the data. After doing the necessary work alerting any users to the breach of their data I went back to the original HIBP ticket, and realising I hadn't assigned it to myself did so and promptly solved it. All is well, time to move on? Not quite. I and the other techs quickly noticed that every single ticket description had been deleted and replaced with partial header data from the HIBP email. This immediately stank of some kind of SQL Injection flaw and my mind raced as to what the cause was. I had a suspicion I knew…
Not sure I get the nuts and bolts details, but I believe the obligatory XKCD hits this on the head -- »xkcd.com/327/

Regards

Chubbzie
Member
join:2014-02-11
Greenville, NC

4 recommendations

said by HELLFIRE:

Not sure I get the nuts and bolts details

I'm not really sure the 'nuts and bolts' are significant in this scenario. Per the end of the article, staying current with releases, as well as improper input assessments by the devs, are the real culprits.

EGeezer
Premium Member
join:2002-08-04
Midwest

5 recommendations


From someone's IT bible:

Sanitize thy inputs and execution privileges, that thy data may be secure and thy employment may be long within the company that hath hired thee.
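Added example (mine, not from the fyr.io article and not GLPI's code): the injection class the OP's excerpt and EGeezer's maxim are both about, written in Python against an in-memory sqlite3 database. A ticket update that splices the submitted content straight into the SQL text sits next to the parameterized form, and sqlite3's authorizer hook stands in for a least-privilege database account. The schema, the payload and the queries are constructed for illustration only; nothing here describes how GLPI 9.4.5 actually builds its queries or what the real flaw was.

```python
"""Constructed illustration of the SQL injection class discussed in this
thread: ticket content spliced into an UPDATE by string concatenation,
beside the parameterized fix and a stand-in for DB privileges.
Hypothetical schema, payload and queries; not GLPI's code."""
import sqlite3

# Constructed payload: closes the string literal, supplies its own WHERE
# clause, and comments out whatever the application appends afterwards.
PAYLOAD = "pwned' WHERE 1=1 --"

# Constructed sample tickets.
SEED_TICKETS = [
    (1, "Printer on floor 2 is jammed"),
    (2, "VPN drops every ten minutes"),
    (3, "Breach notification for several accounts"),
]


def make_db():
    """Fresh in-memory ticket table holding the three sample tickets."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, content TEXT)")
    conn.executemany("INSERT INTO tickets (id, content) VALUES (?, ?)", SEED_TICKETS)
    conn.commit()
    return conn


def update_vulnerable(conn, ticket_id, content):
    """Hypothetical vulnerable form: the content is pasted into the SQL text,
    so a quote inside it becomes SQL syntax. ticket_id is cast, content is not.
    With PAYLOAD the statement becomes:
    UPDATE tickets SET content = 'pwned' WHERE 1=1 --' WHERE id = 3"""
    sql = f"UPDATE tickets SET content = '{content}' WHERE id = {int(ticket_id)}"
    conn.execute(sql)
    conn.commit()


def update_safe(conn, ticket_id, content):
    """Fixed form: bound parameters keep the content as data, whatever it holds."""
    conn.execute("UPDATE tickets SET content = ? WHERE id = ?", (content, int(ticket_id)))
    conn.commit()


def restrict_to_tickets(conn):
    """Stand-in for a least-privilege DB account: the connection may only read
    and update the tickets table (plus transaction control). SQLite has no
    user accounts, so the authorizer hook plays the role of GRANT."""
    permitted = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION,
                 sqlite3.SQLITE_READ, sqlite3.SQLITE_UPDATE}
    allowed_targets = (None, "tickets", "BEGIN", "COMMIT", "ROLLBACK")

    def authorizer(action, arg1, arg2, dbname, trigger):
        if action in permitted and arg1 in allowed_targets:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def contents(conn):
    """Ticket contents in id order."""
    return [row[0] for row in conn.execute("SELECT content FROM tickets ORDER BY id")]


def demo():
    """Returns (vulnerable result, safe result, restricted result, drop_denied)."""
    vuln = make_db()
    update_vulnerable(vuln, 3, PAYLOAD)        # every ticket is rewritten

    safe = make_db()
    update_safe(safe, 3, PAYLOAD)              # only ticket 3 changes; payload stored verbatim

    limited = make_db()
    restrict_to_tickets(limited)
    update_vulnerable(limited, 3, PAYLOAD)     # privileges do not stop the mass update...
    try:
        limited.execute("DROP TABLE tickets")  # ...but they do bound what else is reachable
        drop_denied = False
    except sqlite3.DatabaseError:
        drop_denied = True
    return contents(vuln), contents(safe), contents(limited), drop_denied


if __name__ == "__main__":
    vulnerable, safe, limited, drop_denied = demo()
    print("vulnerable:", vulnerable)
    print("parameterized:", safe)
    print("restricted account:", limited, "DROP denied:", drop_denied)
```

The third branch is the caveat behind the "execution privileges" half of the maxim: a database account that can only touch the ticket table still lets the injected WHERE clause rewrite every ticket, because rewriting tickets is exactly what the application is allowed to do. Privileges cap the blast radius (no table drops, no reading other schemas); only binding the content as a parameter stops the injection itself.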


kevinds
Premium Member
join:2003-05-01
Calgary, AB

1 recommendation

said by HELLFIRE:

by clicking a link in this email-turned-support-ticket.

And I thought the incident was going to go really bad after I read that sentence... lol