Viewing 2 posts - 1 through 2 (of 2 total)
  • #677003

    Hello,

    One of my customers' hosting company checked their website for safety and found vulnerabilities to blind SQL injection.
    According to the report from Threadstone there are resources vulnerable to blind SQL injection. It is all about Avia content, so could you take a look and let me know if it is really unsafe and, if not, why it is not unsafe.

    The url of the website is: phoenixvibrationcontrols.com

    Thank you very much in advance,
    Ariane

    The report from Threadstone

    Using the GET HTTP method, Nessus found that :

    + The following resources may be vulnerable to blind SQL injection :

    + The 's' parameter of the /en/products/air-springs/fabreeka-pal-plm-air-springs/ CGI :

    /en/products/air-springs/fabreeka-pal-plm-air-springs/?avia_generated_form1=1&avia_1_1=&avia_2_1=&avia_3_1=&avia_4_1=&s=zz1&avia_1_1=&avia_2_1=&avia_3_1=&avia_4_1=&s=yy

    -------- output --------
    HTTP/1.1 200 OK
    -------- vs --------
    HTTP/1.1 301 Moved Permanently
    ------------------------

    /en/products/air-springs/fabreeka-pal-plm-air-springs/?avia_generated_form1=1&avia_1_1=&avia_2_1=&avia_3_1=&avia_4_1=&s=zz1&avia_1_1=&avia_2_1=&avia_3_1=&avia_4_1=&s=yy {2}

    -------- output --------
    HTTP/1.1 200 OK
    -------- vs --------
    HTTP/1.1 301 Moved Permanently
    ------------------------

    /en/products/air-springs/fabreeka-pal-plm-air-springs/?avia_generated_form1=1&avia_1_1=&avia_2_1=&avia_3_1=&avia_4_1=&s=zz1&avia_1_1=&avia_2_1=&avia_3_1=&avia_4_1=&s=yy {3}

    -------- output --------
    HTTP/1.1 200 OK
    -------- vs --------
    HTTP/1.1 301 Moved Permanently
    ------------------------

    /en/products/air-springs/fabreeka-pal-plm-air-springs/?avia_generated_form1=1&avia_1_1=516409&avia_2_1=&avia_3_1=&avia_4_1=&s=zz1&avia_1_1=516409&avia_2_1=&avia_3_1=&avia_4_1=&s=yy

    -------- output --------
    HTTP/1.1 200 OK
    -------- vs --------
    HTTP/1.1 301 Moved Permanently
    ------------------------

    /en/products/air-springs/fabreeka-pal-plm-air-springs/?avia_generated_form1=1&avia_1_1=516409&avia_2_1=&avia_3_1=&avia_4_1=&s=zz1&avia_1_1=516409&avia_2_1=&avia_3_1=&avia_4_1=&s=yy {2}

    -------- output --------
    HTTP/1.1 200 OK
    -------- vs --------
    HTTP/1.1 301 Moved Permanently
    ------------------------

    /en/products/air-springs/fabreeka-pal-plm-air-springs/?avia_generated_form1=1&avia_1_1=516409&avia_2_1=&avia_3_1=&avia_4_1=&s=zz1&avia_1_1=516409&avia_2_1=&avia_3_1=&avia_4_1=&s=yy {3}

    -------- output --------
    HTTP/1.1 200 OK
    -------- vs --------
    HTTP/1.1 301 Moved Permanently
    ------------------------

    Using the POST HTTP method, Nessus found that :

    + The following resources may be vulnerable to blind SQL injection :

    + The 'avia_1_1' parameter of the /en/products/air-springs/fabreeka-pal-plm-air-springs/ CGI :

    /en/products/air-springs/fabreeka-pal-plm-air-springs/ [avia_generated_form1=1&s=&avia_2_1=&avia_3_1=&avia_4_1=&avia_1_1=zz1&s=&avia_2_1=&avia_3_1=&avia_4_1=&avia_1_1=yy]

    -------- output --------
    </table>
    </div></section></div><div class="flex_column av_one_half flex_co […]
    <form action="http://www.phoenixvibrationcontrols.com/en/products/air-springs/fabreeka-pal-plm-air-springs/" method="post" class="avia_ajax_form av-form-labels-visible avia-builder-el-5 el_after_av_heading avia-builder-el-last " data-avia-form-id="1" data-avia-redirect="><fi […]
    </div></div></main><!-- close content main element --> <!-- sectio […]
    -------- vs --------
    </table>
    </div></section></div><div class="flex_column av_one_half flex_co […]
    <form action="http://www.phoenixvibrationcontrols.com/en/products/air-springs/fabreeka-pal-plm-air-springs/" method="post" class="avia_ajax_form av-form-labels-visible avia-builder-el-5 el_after_av_heading avia-builder-el-last " data-avia-form-id="1" data-avia-redirect="><fi […]
    </div></div></main><!-- close content main element --> <!-- sectio […]
    ------------------------

    /en/products/air-springs/fabreeka-pal-plm-air-springs/ [avia_generated_form1=1&s=&avia_2_1=&avia_3_1=&avia_4_1=&avia_1_1=zz1&s=&avia_2_1=&avia_3_1=&avia_4_1=&avia_1_1=yy] {2}

    -------- output --------
    </table>
    </div></section></div><div class="flex_column av_one_half flex_co […]
    <form action="http://www.phoenixvibrationcontrols.com/en/products/air-springs/fabreeka-pal-plm-air-springs/" method="post" class="avia_ajax_form av-form-labels-visible avia-builder-el-5 el_after_av_heading avia-builder-el-last " data-avia-form-id="1" data-avia-redirect="><fi […]
    </div></div></main><!-- close content main element --> <!-- sectio […]
    -------- vs --------
    </table>
    </div></section></div><div class="flex_column av_one_half flex_co […]
    <form action="http://www.phoenixvibrationcontrols.com/en/products/air-springs/fabreeka-pal-plm-air-springs/" method="post" class="avia_ajax_form av-form-labels-visible avia-builder-el-5 el_after_av_heading avia-builder-el-last " data-avia-form-id="1" data-avia-redirect="><fi […]
    </div></div></main><!-- close content main element --> <!-- sectio […]
    ------------------------

    /en/products/air-springs/fabreeka-pal-plm-air-springs/ [avia_generated_form1=1&s=&avia_2_1=&avia_3_1=&avia_4_1=&avia_1_1=zz1&s=&avia_2_1=&avia_3_1=&avia_4_1=&avia_1_1=yy] {3}

    -------- output --------
    </table>
    </div></section></div><div class="flex_column av_one_half flex_co […]
    <form action="http://www.phoenixvibrationcontrols.com/en/products/air-springs/fabreeka-pal-plm-air-springs/" method="post" class="avia_ajax_form av-form-labels-visible avia-builder-el-5 el_after_av_heading avia-builder-el-last " data-avia-form-id="1" data-avia-redirect="><fi […]
    </div></div></main><!-- close content main element --> <!-- sectio […]
    -------- vs --------
    </table>
    </div></section></div><div class="flex_column av_one_half flex_co […]
    <form action="http://www.phoenixvibrationcontrols.com/en/products/air-springs/fabreeka-pal-plm-air-springs/" method="post" class="avia_ajax_form av-form-labels-visible avia-builder-el-5 el_after_av_heading avia-builder-el-last " data-avia-form-id="1" data-avia-redirect="><fi […]
    </div></div></main><!-- close content main element --> <!-- sectio […]
    ------------------------

    + The 'avia_2_1' parameter of the /en/products/air-springs/fabreeka-pal-plm-air-springs/ CGI :

    /en/products/air-springs/fabreeka-pal-plm-air-springs/ [avia_generated_form1=1&s=&avia_1_1=&avia_3_1=&avia_4_1=&avia_2_1=zz1&s=&avia_1_1=&avia_3_1=&avia_4_1=&avia_2_1=yy]

    -------- output --------
    </table>
    </div></section></div><div class="flex_column av_one_half flex_co […]
    <form action="http://www.phoenixvibrationcontrols.com/en/products/air-springs/fabreeka-pal-plm-air-springs/" method="post" class="avia_ajax_form av-form-labels-visible avia-builder-el-5 el_after_av_heading avia-builder-el-last " data-avia-form-id="1" data-avia-redirect="><fi […]
    </div></div></main><!-- close content main element --> <!-- sectio […]
    -------- vs --------
    </table>
    </div></section></div><div class="flex_column av_one_half flex_co […]
    <form action="http://www.phoenixvibrationcontrols.com/en/products/air-springs/fabreeka-pal-plm-air-springs/" method="post" class="avia_ajax_form av-form-labels-visible avia-builder-el-5 el_after_av_heading avia-builder-el-last " data-avia-form-id="1" data-avia-redirect="><fi […]
    </div></div></main><!-- close content main element --> <!-- sectio […]
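    Added example, not part of the thread, the theme or Nessus: a small Python model of the heuristic the report above relies on (two unrelated parameter values, flag the parameter if the responses differ) next to the stricter boolean-pair check a practitioner would run before treating such a finding as real. The two toy search handlers, the three sample post titles and the response shapes (exactly one hit redirects, no hits renders a "no results" page) are constructed assumptions standing in for any CMS search page; they are not this site's or Avia's code and prove nothing about it either way.

```python
import sqlite3
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Response:
    status: int
    body: str


Params = Dict[str, str]
App = Callable[[Params], Response]


def _make_db() -> sqlite3.Connection:
    # Constructed sample data standing in for a CMS posts table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO posts (title) VALUES (?)",
                     [("Fabreeka PAL/PLM air springs",), ("Vibration mounts",), ("Air bellows",)])
    conn.commit()
    return conn


DB = _make_db()


def _render(rows: List[Tuple[int, str]]) -> Response:
    # Assumed theme behaviour shared by both toy handlers: exactly one hit redirects
    # to that post, no hits renders a "no results" page, several hits render a list.
    # This is the kind of legitimate, input-dependent behaviour that makes two
    # arbitrary values look "different" to a status-code comparison.
    if len(rows) == 1:
        return Response(301, f"Location: /posts/{rows[0][0]}")
    if not rows:
        return Response(200, "No results")
    return Response(200, "\n".join(title for _, title in rows))


def safe_search(params: Params) -> Response:
    """Parameterised search: the input is bound as data and never reaches the SQL grammar."""
    s = params.get("s", "")
    rows = DB.execute("SELECT id, title FROM posts WHERE title LIKE ?", ("%" + s + "%",)).fetchall()
    return _render(rows)


def vulnerable_search(params: Params) -> Response:
    """Deliberately vulnerable (constructed) search: the input is concatenated into the SQL text."""
    s = params.get("s", "")
    try:
        rows = DB.execute("SELECT id, title FROM posts WHERE title LIKE '%" + s + "%'").fetchall()
    except sqlite3.Error:
        return Response(500, "database error")
    return _render(rows)


def scanner_style_check(app: App, base: Params, name: str,
                        probes: Tuple[str, str] = ("springs", "zz1")) -> bool:
    """The heuristic behind the report: send two unrelated values, flag if the responses differ.

    The report used 'zz1' and 'yy'; 'springs'/'zz1' is used here only because the toy data
    needs one value that matches a post. Any two values with different result sets trip it,
    whether or not the input ever touches SQL."""
    first = app({**base, name: probes[0]})
    second = app({**base, name: probes[1]})
    return first != second


def boolean_triage(app: App, base: Params, name: str, value: str) -> str:
    """Boolean-based confirmation: payloads that differ only in a SQL truth value.

    The suffix closes the LIKE literal, appends a condition, and re-opens a literal so the
    query stays syntactically valid whatever the application appends after the input.
    Two true conditions must give identical responses and a false one a different response;
    requiring both guards against ordinary input-dependent behaviour such as the redirect."""
    suffix = "%' AND {} AND '%'='"
    true_a = app({**base, name: value + suffix.format("1=1")})
    true_b = app({**base, name: value + suffix.format("2=2")})
    false_ = app({**base, name: value + suffix.format("1=2")})
    if true_a == true_b and true_a != false_:
        return "likely injectable"
    return "not confirmed"


if __name__ == "__main__":
    for label, app in (("parameterised", safe_search), ("concatenated", vulnerable_search)):
        print(label, "scanner flag:", scanner_style_check(app, {}, "s"),
              "| boolean triage:", boolean_triage(app, {}, "s", "springs"))
```

Run as-is, the scanner-style check flags both handlers, because "springs" and "zz1" simply return different result sets, while the boolean pair separates the concatenated handler from the parameterised one. On a real target the same idea applies, with more care: normalise bodies before comparing (strip nonces, CSRF tokens, timestamps and the like), repeat each pair a few times to rule out caching or load-balancer variance, and note that the request lines in the report carry every parameter twice, so with PHP the value the application actually saw is the last occurrence (the "yy" or the second "516409"), not the first.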

    #678824

    Hey!

    Thanks for the heads up. We forwarded this thread to our devs for investigation.

    Best regards,
    Yigit
