BigAnt IM Message Server and its components contain multiple vulnerabilities which could allow an attacker to perform administrative functions on the system.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2012-6273
During the SHU (search user) request from the BigAnt messaging client, an SQL query is built from a template and sent via an HTTP-like header. Proper sanitization of the user-supplied search term is not performed. It has been reported that this can be demonstrated by opening the BigAnt Messenger client, logging into a server, and searching for an 'Account/Full Name' of blah' OR hs_User.Col_Pword LIKE '[a-z]
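As an added illustration, not code from BigAnt or the advisory, the template-built query is shown beside a parameterised one in SQLite. Only hs_User and Col_Pword come from the report; the Col_Name column, the rows, and the 'a%' pattern (SQLite's LIKE has no [a-z] class) are constructed here.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the server's user table; Col_Name is assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hs_User (Col_Name TEXT, Col_Pword TEXT)")
    db.executemany("INSERT INTO hs_User VALUES (?, ?)",
                   [("alice", "apple42"), ("bob", "zebra9")])
    return db

def search_user_vulnerable(db, term):
    # Mirrors the reported flaw: the search term is spliced into a query
    # template with no neutralisation of quotes, so the term can close the
    # string literal and append its own predicate against other columns.
    sql = "SELECT Col_Name FROM hs_User WHERE Col_Name LIKE '%s'" % term
    return [row[0] for row in db.execute(sql)]

def search_user_fixed(db, term):
    # Hardened form: the term is bound as a parameter, so the database engine
    # only ever treats it as data, never as part of the query text.
    sql = "SELECT Col_Name FROM hs_User WHERE Col_Name LIKE ?"
    return [row[0] for row in db.execute(sql, (term,))]

# Search term shaped like the reported one; 'a%' stands in for '[a-z]'.
PROBE = "blah' OR hs_User.Col_Pword LIKE 'a%"

def demo():
    # Returns (rows from the template-built query, rows from the bound query).
    db = make_db()
    return search_user_vulnerable(db, PROBE), search_user_fixed(db, PROBE)

if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("template-built query returned:", vulnerable)  # leaks on Col_Pword
    print("parameterised query returned:", fixed)         # no match
```

The template-built query returns 'alice' purely because her password matches the injected pattern, while the bound version treats the whole term as a literal name and returns nothing.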
A remote unauthenticated attacker may obtain sensitive information, cause a denial-of-service condition, or execute arbitrary code with the privileges of the application.
We are currently unaware of a practical solution to this problem.
Thanks to hamburgers maccoy for reporting this vulnerability.
This document was written by Michael Orlando.