VL Core Team published Blind SQL Injection Vulnerability with Video PoC to MSRC

In January 2014, a critical remote vulnerability was reported to the Microsoft Security Response Center (MSRC) team. The manufacturer patched the issue in July.

The SQL injection vulnerability was located in the item.asp file. The vulnerable parameter is `item_id`. Remote attackers are able to inject their own SQL commands into the `item_id` value of a GET request to item.asp. The issue is a blind injection and the attack type is boolean-based.

The security risk of the SQL injection web vulnerability is estimated as critical, with a CVSS (Common Vulnerability Scoring System) score of 9.1. The remote SQL injection web vulnerability can be exploited by remote attackers without a privileged application user account and without user interaction. Successful exploitation of the SQL injection vulnerability results in compromise of the application and web service or the DBMS.

The remote blind SQL injection vulnerability can be exploited by remote attackers without user interaction or a privileged web-application user account. To demonstrate or reproduce the vulnerability, follow the steps and information provided below.

Request #1
http://habitos.be.msn.com/item.asp?item_id=98%27%20AND%208606=BENCHMARK(1000000,MD5(0x4964554a))%20AND%20%27xPUE%27=%27xPUE

Request #2
http://habitos.be.msn.com/item.asp?item_id=98%27%20AND%208606=BENCHMARK(5000000,MD5(0x4964554a))%20AND%20%27xPUE%27=%27xPUE
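For defenders, the following added example (not part of the original advisory or the vendor's code) shows how requests shaped like the two above can be flagged in web server logs or at an input filter. It assumes `item_id` is meant to be a plain integer; the function name, finding labels and the `example.test` host are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Calls commonly used to force a measurable delay in blind injection probes.
DELAY_CALL = re.compile(r"\b(benchmark|sleep|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# A comparison chained with AND/OR, e.g.  AND 'a'='a
BOOLEAN_PROBE = re.compile(r"\b(and|or)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I)
# Assumption: a legitimate item_id is a short unsigned integer.
VALID_ITEM_ID = re.compile(r"\d{1,10}")


def classify_item_id(url):
    """Return the findings for the item_id parameter of one request URL."""
    query = urlsplit(url).query
    # parse_qs percent-decodes, so %27 and %20 are seen as ' and space.
    values = parse_qs(query, keep_blank_values=True).get("item_id", [])
    findings = []
    if len(values) > 1:
        findings.append("duplicate-parameter")
    for value in values:
        if VALID_ITEM_ID.fullmatch(value):
            continue  # well-formed identifier, nothing to report
        findings.append("non-integer")
        if "'" in value or '"' in value:
            findings.append("quote")
        if DELAY_CALL.search(value):
            findings.append("delay-function")
        if BOOLEAN_PROBE.search(value):
            findings.append("boolean-probe")
    return findings


# Constructed sample input: a benign request, then the query string of
# Request #1 from this page placed on a placeholder host.
SAMPLE_REQUESTS = [
    "http://example.test/item.asp?item_id=98",
    "http://example.test/item.asp?item_id=98%27%20AND%208606="
    "BENCHMARK(1000000,MD5(0x4964554a))%20AND%20%27xPUE%27=%27xPUE",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(classify_item_id(request) or ["ok"], request)
```

Rejecting every non-integer `item_id` before it reaches the query is the stronger control; the extra labels only help triage what was attempted.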
