Description
Steps to Reproduce: Vulnerable Systems:
http://x.x.x.x/searchresults.asp?search=1
Search parameter
Mitigation: Recommendations:
Steps should be taken to prevent SQL injection attacks against the application.
While Rhodian only discovered 1 parameter that was vulnerable, a full review of the application should be done. The most effective ways to prevent SQL injection are:
• Use of Prepared Statements (Parameterized Queries)
• Use of Stored Procedures
• Escaping all User Supplied Input
Impact: Description and Impact:
A web application was discovered running on the vulnerable IP address. At least 1 parameter in the search function of the application was vulnerable to SQL injection. By injecting SQL statements into the parameters, Rhodian was able to enumerate large amounts of information from the back-end database. Usernames and passwords for the ACME application were discovered and used to successfully log in.
Using the tool SQLmap, Rhodian was able to discover a parameter vulnerable to SQL injection.
Once the injection point was discovered, Rhodian enumerated information from the back-end database. The images below show the discovered databases.
Rhodian then downloaded information from select databases. Shown below is access to usernames and passwords for a different web application.
The credentials were discovered to be valid. Access to the ACME application was achieved.
Finding Id : 2620137532
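
The first and third recommendations above, as an added example that is not part of the original finding and is not the application's own code: a search query built by string concatenation beside a parameterized version that also escapes LIKE wildcards. It uses Python's `sqlite3` as a stand-in for the real back-end database; the `products` table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO products (name) VALUES (?)",
        [("red widget",), ("blue widget",), ("100% cotton shirt",)],
    )
    return db

def search_concat(db, term):
    # Vulnerable pattern: the search term becomes part of the SQL text,
    # so a quote in the input can change the structure of the statement.
    sql = ("SELECT name FROM products WHERE name LIKE '%" + term +
           "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def escape_like(term, esc="\\"):
    # Binding keeps input out of the SQL text, but % and _ are still
    # wildcards inside a LIKE pattern, so escape them (and the escape char).
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_param(db, term):
    # Hardened pattern: fixed SQL text, user input passed as a bound value.
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    pattern = "%" + escape_like(term) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]

if __name__ == "__main__":
    db = make_db()
    # Constructed test input containing a quote and an extra predicate.
    probe = "zzz' OR 'a' LIKE 'a"
    print("concatenated :", search_concat(db, probe))
    print("parameterized:", search_param(db, probe))
    print("literal %    :", search_param(db, "%"))
```

With the concatenated query the constructed input returns every row; with the bound parameter it is matched as literal text and returns none.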