what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Eclipse.org SQL Injection

Eclipse.org SQL Injection
Posted Nov 15, 2013
Authored by Rafay Baloch, Shahmeer Amir

Eclipse.org suffers from a remote error-based SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4891c1a9e0a985be36498559d7f6aef0c86b7914a7631895c81deb87f34be354

Eclipse.org SQL Injection

Change Mirror Download
#Vulnerability: Eclipse.org Error Based SQL Injection
#Authors: Shahmeer Amir And Rafay Baloch
#Company: RHA INFOSEC
#Website: http://services.rafayhackingarticles.net


Url :http://eclipse.org/membership/showMember.php?member_id=(selectconvert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))
FROM syscolumns)


Vuln Parameter Name: member_id

Vuln Parameter Type: Querystring


Attack Pattern: (select
convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))
FROM syscolumns)

Vulnerability Details
{PROBLEM} identified a probable SQL injection, which occurs when data input
by a user is interpreted as an SQL command rather than as normal data by
the backend database.

This is an extremely common vulnerability and its successful exploitation
can have critical implications.

Even though I believe there is a SQL injection in here, it could not
confirm it. There can be numerous reasons for i am not being able to
confirm this. I strongly recommend investigating the issue manually to
ensure it is an SQL injection and that it needs to be addressed. You can
also consider sending the details of this issue to us so i can address this
issue for the next time and give you a more precise result.

Impact
Depending on the backend database, database connection settings and the
operating system, an attacker can mount one or more of the following type
of attacks successfully:
Reading, updating and deleting arbitrary data/tables from the database.
Executing commands on the underlying operating system.

Actions to Take
See the remedy for solution.
If you are not using a database access layer (DAL) within the architecture
consider its benefits and implement if appropriate. As a minimum the use of
s DAL will help centralize the issue and its resolution. You can also use
ORM (object relational mapping). Most ORM systems use parameterized queries
and this can solve many if not all SQL injection based problems.
Locate all of the dynamically generated SQL queries and convert them to
parameterized queries. (If you decide to use a DAL/ORM, change all legacy
code to use these new libraries.)
Monitor and review weblogs and application logs to uncover active or
previous exploitation attempts.


Remedy
A very robust method for mitigating the threat of SQL injection-based
vulnerabilities is to use parameterized queries (prepared statements).
Almost all modern languages provide built-in libraries for this. Wherever
possible, do not create dynamic SQL queries or SQL queries with string
concatenation.
Required Skills for Successful Exploitation
There are numerous freely available tools to test for SQL injection
vulnerabilities. This is a complex area with many dependencies; however, it
should be noted that the numerous resources available in this area have
raised both attacker awareness of the issues and their ability to discover
and leverage them. SQL injection is one of the most common web application
vulnerabilities
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close