Message-ID: <CAFzAN87vC6YwNjRK3Yy8Oz_m4_TnD8jAh3++mAsZxkj-y0sWhg@mail.gmail.com>
Date: Fri, 9 May 2025 16:46:48 +0400
From: Shaikh Shahnawaz <sshahnawaz99910@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Unauthenticated Blind SQL Injection | RSI queue management
 system - V 3.0 | CVE-2025-26086

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor of Product]
RSI Queue (https://www.rsiqueue.com/)

[Vulnerability Type]
Blind SQL Injection

[Affected Component]
The vulnerable component is the TaskID parameter of the GET request handler.

[CVE Reference]
CVE-2025-26086

[Security Issue]
An unauthenticated blind SQL injection vulnerability exists in RSI Queue
Management System v3.0 within the TaskID parameter of the GET request
handler. Attackers can remotely inject time-delayed SQL payloads to induce
server response delays, enabling time-based inference and iterative
extraction of sensitive database contents without authentication.

[Attack Vectors]
An attacker sends malicious SQL payloads in the TaskID parameter to trigger
time delays. The server executes these queries, and the response time
reveals boolean results, enabling iterative database enumeration.
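Added illustration for defenders, not part of the advisory or the vendor's code: a small log scanner that flags the pattern described above, a TaskID value carrying a time-delay SQL construct together with an abnormally slow response. The access-log format, the /queue path and the assumption that TaskID is normally numeric are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Time-delay constructs used in time-based blind SQL injection (MySQL, MSSQL, PostgreSQL).
TIME_DELAY_RE = re.compile(
    r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay\b", re.IGNORECASE)

# Constructed log format: client "GET url HTTP/1.x" status bytes duration_ms
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "GET (?P<url>\S+) HTTP/1\.[01]" (?P<status>\d{3}) \d+ (?P<ms>\d+)$')


def task_id_values(url):
    """Return every decoded TaskID value in the query string (may be repeated)."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("TaskID", [])


def analyze_line(line, slow_ms=5000):
    """Return a list of (finding, detail) tuples for one log line; [] if clean."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    for value in task_id_values(m.group("url")):
        if not value.isdigit():          # assumption: legitimate TaskIDs are integers
            findings.append(("non_numeric_taskid", value))
        if TIME_DELAY_RE.search(value):
            findings.append(("time_delay_sql", value))
    # A delay keyword plus a slow response is the signature of a successful probe.
    if findings and int(m.group("ms")) >= slow_ms:
        findings.append(("slow_response", m.group("ms")))
    return findings


def scan(lines):
    """Map line index -> findings for every suspicious line."""
    results = {}
    for idx, line in enumerate(lines):
        findings = analyze_line(line)
        if findings:
            results[idx] = findings
    return results


# Constructed sample log lines (RFC 5737 test addresses, percent-encoded queries).
SAMPLE_LOG = [
    '203.0.113.5 "GET /queue?TaskID=42 HTTP/1.1" 200 512 35',
    '203.0.113.5 "GET /queue?TaskID=42%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512 5103',
    '198.51.100.7 "GET /queue?TaskID=42%27%3B%20WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1" 200 512 5020',
    '198.51.100.7 "GET /queue?TaskID=abc HTTP/1.1" 500 0 12',
]

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_LOG).items():
        print(idx, findings)
```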

[Network Access]
Remote

[Severity]
Critical

[Disclosure Timeline]
Vendor Notification: October 16, 2024
Vendor released fix: May 2, 2025
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
