Lucene search
High-Tech BridgeHTB23177HistoryOct 09, 2013 - 12:00 a.m.
SQL Injection in appRain
2013-10-0900:00:00
High-Tech Bridge
www.htbridge.com
19
0.003 Low
EPSS
Percentile
71.5%
High-Tech Bridge Security Research Lab discovered vulnerability in appRain, which can be exploited to perform SQL Injection attacks.
- Blind SQL Injection in appRain: CVE-2013-6058
The vulnerability is caused by insufficient validation of user-supplied data appended to “/blog-by-cat/” URL. Remote attacker can execute arbitrary SQL commands to read, modify or delete information in application’s database.
The following exploitation example will display all posts from category 1, if the MySQL Server version is 5.x, otherwise no posts will be displayed:
http://[host]/blog-by-cat/1%20and%20substring(version(),1,1)=5/
Related
seebug
seebug
appRain 3.0.2 - Blind SQL Injection Vulnerability
2014-07-01 00:00:00
prion
prion
Sql injection
2013-11-14 20:55:00
nvd
nvd
CVE-2013-6058
2013-11-14 20:55:04
cvelist
cvelist
CVE-2013-6058
2013-11-14 20:00:00
cve
cve
CVE-2013-6058
2013-11-14 20:55:04
zdt
zdt
appRain 3.0.2 SQL Injection Vulnerability
2013-11-07 00:00:00
dsquare
dsquare
appRain 3.0.2 SQL Injection
2014-02-12 00:00:00
exploitpack
exploitpack
appRain 3.0.2 - Blind SQL Injection
2013-11-08 00:00:00
packetstorm
packetstorm
appRain 3.0.2 SQL Injection
2013-11-06 00:00:00
securityvulns
securityvulns
SQL Injection in appRain
2013-12-09 00:00:00
exploitdb
exploitdb
appRain 3.0.2 - Blind SQL Injection
2013-11-08 00:00:00