|
Message-ID: <20160601141541.7d5219cc@andriamanitra> Date: Wed, 1 Jun 2016 14:15:41 +0300 From: Mihamina RAKOTOMANDIMBY <mihamina-rakotomandimby@...mb.org> To: oss-security@...ts.openwall.com Subject: "The Blind SQL Injection Issue" explanation Hi members, A web application of mine has been scanned by a "security tool". It reports some issues about "Blind SQL Injection Issue" The test result seems to indicate a vulnerability because it shows that values can be appended to parameter values, indicating that they were embedded in an SQL query. In this test, three (or sometimes four) requests are sent. The last is logically equal to the original, and the next-to-last is different. Any others are for control purposes. A comparison of the last two responses with the first (the last is similar to it, and the next-to-last is different) indicates that the application is vulnerable. This message is widely used on internet: https://goo.gl/Gtqkbk My problem is I cannot figure out how this could work. Let's suppose the web app is vulnerable, the reasoning of this test is: - req. 1 gets resp. 1 and changed database state to state 1 - req. 2 gets resp. 2 and changed database state to state "whatever" - req. 3 gets resp. 1 and changed database state to state "whatever" My questions are: - How could database state "whatever" would give the same response as "state 1" ? (a.k.a "resp. 1") - As a "blind" one (mostly random input then), how could these assertions work? Would you please help me to figure out how this works? I have basic security level and maths are far away in the past ;-) Thank you in advance.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.