[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] China Pujiang Government - Blind SQL Injection Vulnerability
From: Research <research () vulnerability-lab ! com>
Date: 2012-04-29 3:53:40
Message-ID: 4F9CBB44.8090600 () vulnerability-lab ! com
[Download RAW message or body]
Title:
======
China Pujiang Government - Blind SQL Injection Vulnerability
Date:
=====
2012-04-26
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=310
VL-ID:
=====
310
Introduction:
=============
Pujiang County is in the Southwest part of the Sichuan Basin and in the area from East \
longitude 103°19′to 103°41′ and from North latitude 30°05′ to 30°20′. \
It borders Pengshan and Meishan in the east, Mingshan in the west, Danlin (Danleng County) in \
the south, and Qionglai in the north, stretching 37 kilometers from east to west and 27.5 \
kilometers from north to south.
(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/Pujiang_County,_Sichuan )
Abstract:
=========
The Vulnerability Laboratory Research Team discovered a SQL-Injection Vulnerability on Chinas \
Pujiang Government website.
Report-Timeline:
================
2011-11-08: Vendor Notification
2011-11-09: Vendor Response/Feedback
2011-04-20: Vendor Fix/Patch by Check
2011-04-26: Public or Non-Public Disclosure
Status:
========
Published
Exploitation-Technique:
=======================
Remote
Severity:
=========
Critical
Details:
========
A blind SQL Injection vulnerability is detected on on Chinas Pujiang Government website.
The vulnerability allows an attacker (remote) to inject/execute own sql commands on the \
affected application dbms. Successful exploitation of the vulnerability results in dbms, \
service & application compromise. The vulnerabilities are located on the id value of the file \
`details.php` request.
Vulnerable Module(s):
[+] Dept/Detail.php
Vulnerable Value(s):
[+] id=
Picture(s):
../blind1.png
../blind2.png
Proof of Concept:
=================
The blind SQL Injection vulnerability can be exploited by remote attackers or local privileged \
user accounts. For demonstration or reproduce ...
Site: www.pujiang.gov.cn
Path: /Dept/
File: Detail.php
Para: ?id=[SQL-Injection]
Solution:
=========
CLOSED BY COORDINATION OF CHINA NATIONAL VULNERABILITY DATABASE FOR INFORMATION SECURITY (CNNVD \
PARTNERS).
Risk:
=====
The security risk of the blind sql injection vulnerability is estimated as critical.
Credits:
========
Vulnerability Laboratory [Research Team] - Chokri Ben Achor (meister@vulnerability-lab.com)
Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. \
Vulnerability-Lab disclaims all warranties, either expressed or implied, including the \
warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or \
its suppliers are not liable in any case of damage, including direct, indirect, incidental, \
consequential loss of business profits or special damages, even if Vulnerability-Lab or its \
suppliers have been advised of the possibility of such damages. Some states do not allow the \
exclusion or limitation of liability for consequential or incidental damages so the foregoing \
limitation may not apply. Any modified copy or reproduction, including partially usages, of \
this file requires authorization from Vulnerability- Lab. Permission to electronically \
redistribute this alert in its unmodified form is granted. All other rights, including the use \
of other media, are reserved by Vulnerability-Lab or its suppliers.
Copyright © 2012 Vulnerability-Lab
--
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: research@vulnerability-lab.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic