• brgreene

    (@brgreene)


    My payment processor requires me to do a PCI Scan. One of the issues I am having with the scan is your plugin. When I disable it I don’t get the security issues.

    I tried to contact you through your website but I did not receive a reply. The report shows two flaws associated with your plugin.

    Number 1

    Title: CGI Generic SQL Injection (blind, time based)
    Synopsis: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.
    Impact: By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, SecurityMetrics was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
    See also:
    https://www.securiteam.com/securityreviews/5DP0N1P76E.html
    https://www.nessus.org/u?ed792cf5
    https://projects.webappsec.org/w/page/13246963/SQL%20Injection
    Resolution: Modify the affected CGI scripts so that they properly escape arguments.
    Data Received: Using the GET HTTP method, SecurityMetrics found that:
    + The following resources may be vulnerable to blind SQL injection (time based):
    + The 'orderby' parameter of the /oval-braided-rugs/page CGI:
    /oval-braided-rugs/page?orderby=;SELECT%20pg_sleep(3);--
    -------- output -------

    Number 2

    Title: CGI Generic Command Execution (time-based)
    Synopsis: It may be possible to run arbitrary code on the remote web server.
    Impact: The remote web server hosts CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host.
    See also:
    https://en.wikipedia.org/wiki/Code_injection
    https://projects.webappsec.org/w/page/13246950/OS%20Commanding
    Resolution: Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.
    Data Received: Using the GET HTTP method, SecurityMetrics found that:
    + The following resources may be vulnerable to arbitrary command execution (time based):
    + The 'orderby' parameter of the /oval-braided-rugs/page CGI:
    /oval-braided-rugs/page?orderby=%20;%20x%20%7C%7C%20sleep%203%20%26
    -------- output

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter brgreene

    (@brgreene)

    Any help on this? I have sent support tickets with no response.

    Plugin Author Maya

    (@tdgu)

    Hi,
    Sorry, but the messages are generic, with no replicable steps. Both refer to an orderby GET parameter; still, the plugin has no use for this anywhere.

    We never received any message through our website, contact us again to discuss it further.

    Thanks

  • The topic ‘Scan Errors ORDERBY Parameter’ is closed to new replies.