US Ports Targeted with Zero-Day SQL Injection Flaw

Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Ports in the US have reported attacks using an SQL injection flaw made public by a hacker known as bRpsd, who released a fully working exploit online without notifying the vendor in advance.

Following these events, ICS-CERT, the US-CERT division in charge of security alerts for industrial control systems (ICS), has issued advisories regarding the vulnerability's existence and the ongoing series of attacks.

The affected application is Navis WebAccess, the Web-based component of the Navis maritime transportation logistics software suite, sold by the Cargotec Corporation.

Hacker dumps fully working Navis SQLi exploit code on Exploit-DB
ICS-CERT says the company became aware of the SQL injection zero-day on August 9, a day after bRpsd published his proof-of-concept code.

The Navis team released a patch on August 10 and started notifying customers. According to Cargotec, there are only 13 companies across the world currently deploying Navis software, five of them in the US.

A quick Google search reveals the Navis panels of at least three US companies. One of the companies that deploy Navis is Ports America, a corporation that manages 42 ports across the US and Canada, in 80 different locations, including large maritime hubs such as New York, Los Angeles, Miami, New Orleans, Boston, Portland, San Diego, Tampa, Vancouver, Houston, Jacksonville, and many more.

The notification didn't come fast enough, and some ports reported attacks using the SQL injection.

Zero-day requires low sophistication to exploit
According to ICS-CERT, "the SQL injection vulnerability [...] targeted publicly available news-pages in the [Navis] application."

ICS-CERT says the exploit requires a low sophistication level to execute, that the SQL injection occurs as part of the URL string, and it occurs due to a flaw in the Navis error reporting system.

ICS-CERT says that all US entities deploying Navis have applied the necessary patches, but has issued the alert, so Cargotec's international customers do the same.

In the meantime, bRpsd's exploit has spread from Exploit-DB, the site it was initially uploaded, to a plethora of other portals hosting proof of concept code for known vulnerabilities.

bRpsd is a very active hacker, with a Zone-H profile of over 1,200 defaced websites. He is also the hacker that hacked the Dark Web portal belonging to the Albanian mafia group called Besa.
Click to expand...
 
  • Like
Reactions: Solarquest, Logethica and Deleted Member 3a5v73x
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Applause
Trend Micro fixes endpoint protection zero-day used in attacks
Replies
1
Views
1,140
News Archive
Moonhorse
Moonhorse
MuzzMelbourne
    • Like
    • Wow
Gen Digital - Says Employee Data Stolen in MOVEit Ransomware Attack
Replies
2
Views
958
News Archive
nickstar1
nickstar1
[correlate]
    • Like
    • +Reputation
September Android updates fix zero-day exploited in attacks
Replies
0
Views
1,161
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top