Archive for January, 2008

sql injection: inference attack (part 2)

Sunday, January 27th, 2008

In the previous article of this series (sql injection: inference attack) we introduced the concept of SQL inference attacks, and in security advisory: Plogger Photo Gallery SQL Injection we saw that the Plogger Photo Gallery SQL injection vulnerability is an ideal scenario for studying them.

Now it’s time for a hands-on example of how to exploit a SQL injection vulnerability using this technique. Please note that the intended audience of this article is security researchers who want to gain a deeper knowledge of the nature and internals of SQL inference attacks.
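As an added, self-contained illustration of the inference technique (this is not the Plogger exploit from the advisory and not code from this series): a Python simulation in which the only feedback from the injectable page is whether a row lookup matched, and that one bit per request is enough to read an arbitrary value out of the database. The in-memory SQLite database, its single table and the credential stored in it are constructed for the example; the `VulnerableTarget` and `SafeTarget` classes stand in for the injectable page before and after the fix.

```python
import sqlite3


def build_target_db():
    """Constructed stand-in for the application's database: one table, one
    row. The values are made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 's3cr3t!')")
    conn.commit()
    return conn


class VulnerableTarget:
    """Models the injectable page. The only thing it gives back is whether the
    row lookup matched (a 'found' page) or not (a 'not found' page): one bit
    per request, which is all an inference attack needs."""

    def __init__(self):
        self.conn = build_target_db()
        self.queries = 0

    def lookup(self, photo_id):
        self.queries += 1
        # Deliberately vulnerable: the request parameter is concatenated into SQL.
        sql = "SELECT id FROM users WHERE id = " + photo_id
        try:
            return self.conn.execute(sql).fetchone() is not None
        except sqlite3.Error:
            return False


class SafeTarget(VulnerableTarget):
    """The same page with the fix: validate the type, then bind the parameter,
    so the request value can never become SQL syntax."""

    def lookup(self, photo_id):
        self.queries += 1
        try:
            pid = int(photo_id)
        except ValueError:
            return False
        row = self.conn.execute("SELECT id FROM users WHERE id = ?", (pid,)).fetchone()
        return row is not None


def ask(target, condition):
    """One yes/no question: AND the condition onto a lookup that is known to
    succeed on its own (id 1 exists), so the answer depends only on the condition."""
    return target.lookup("1 AND (" + condition + ")")


def infer_length(target, expr, max_len=64):
    """Linear scan for the length of the scalar subquery result."""
    for n in range(max_len + 1):
        if ask(target, f"length(({expr})) = {n}"):
            return n
    raise ValueError("length not found within max_len")


def infer_string(target, expr):
    """Recover the value of a scalar subquery one character at a time, binary
    searching the code point (7 questions per character for 7-bit ASCII)
    instead of scanning every candidate character."""
    out = []
    for pos in range(1, infer_length(target, expr) + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(target, f"unicode(substr(({expr}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out.append(chr(lo))
    return "".join(out)


if __name__ == "__main__":
    target = VulnerableTarget()
    secret = infer_string(target, "SELECT password FROM users WHERE name = 'admin'")
    print(f"recovered {secret!r} in {target.queries} requests")
    print("same probe against the fixed page:", ask(SafeTarget(), "1=1"))
```

The request count is the practical point: 8 requests for the length plus 7 per character, and every one of them is an ordinary-looking lookup that returns a normal page, which is why inference attacks are hard to spot in access logs if the application leaks nothing but a found/not-found difference. Against `SafeTarget` the same probe never matches, because the condition is bound as data rather than parsed as SQL.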

Meridio Embedded Cross Site Scripting

Tuesday, January 15th, 2008

Meridio Document and Records Management is an enterprise content management system (Enterprise Document and Records Management - eDRM).

Meridio has been identified as vulnerable to a stored (in the advisory’s terms, embedded) Cross Site Scripting vulnerability in the ‘Title’ field, both when uploading a document (name=”subGeneralProps:dmpvDocTitle:PROP_W_title”) and when creating a container (name=”subGeneralProps:dmpvContainerTitle:PROP_W_title”), and also within the content of the uploaded document itself.

Consequently, a malicious user could inject JavaScript that the application stores permanently. Because the stored content is served to other users of the Meridio application, the script would execute in the browser of every user who views the affected item, within that user’s session and the application’s origin.
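The following is an added illustration of this class of bug, not Meridio’s code (which is not shown on this page) and not part of the advisory; the server-side language is immaterial, so it is written in Python. It renders a stored title the vulnerable way, with a half fix that is a common mistake, and in the hardened form, and uses the standard-library HTML parser as the check. The field name is the one from the advisory; the two titles are constructed payloads.

```python
import html
from html.parser import HTMLParser

# Document title field named in the advisory; the titles below are constructed
# payloads for this example, not taken from the advisory.
TITLE_FIELD = "subGeneralProps:dmpvDocTitle:PROP_W_title"
SCRIPT_TITLE = "Q4 report<script>alert(document.cookie)</script>"
ATTR_TITLE = 'Q4 report" autofocus onfocus="alert(document.cookie)'


def render_vulnerable(title):
    """Deliberately vulnerable: the stored title goes into the page unencoded,
    once as element text (the listing) and once as an attribute value (the
    edit form that shows it back to the next user)."""
    return (
        "<h1>" + title + "</h1>\n"
        '<input name="' + TITLE_FIELD + '" value="' + title + '">'
    )


def render_half_fixed(title):
    """Encodes <, > and & only. Enough for the <h1>, not for the attribute:
    a quote in the title still closes value="..." and adds attributes."""
    safe = html.escape(title, quote=False)
    return (
        "<h1>" + safe + "</h1>\n"
        '<input name="' + TITLE_FIELD + '" value="' + safe + '">'
    )


def render_hardened(title):
    """Encodes &, <, >, " and ' so the title is inert both as element text and
    inside a double-quoted attribute value. Applied at output time, per sink."""
    safe = html.escape(title, quote=True)
    return (
        "<h1>" + safe + "</h1>\n"
        '<input name="' + TITLE_FIELD + '" value="' + safe + '">'
    )


class ScriptFinder(HTMLParser):
    """Tokenises the rendered page the way a browser would and records what
    would run script: <script> elements and on* event-handler attributes.
    A substring check such as '<script' in page is not enough, because an
    encoded title can still contain those characters harmlessly."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name}")


def script_sinks(rendered):
    """Return the list of executable constructs found in a rendered page."""
    finder = ScriptFinder()
    finder.feed(rendered)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    renderers = [("vulnerable", render_vulnerable),
                 ("half-fixed", render_half_fixed),
                 ("hardened", render_hardened)]
    for name, render in renderers:
        for title in (SCRIPT_TITLE, ATTR_TITLE):
            print(f"{name:10} {title[:20]!r:24} -> {script_sinks(render(title))}")
```

Two caveats a practitioner should take from this. First, `html.escape` covers HTML element text and quoted attribute values only; a title placed inside a JavaScript string, a URL or an unquoted attribute needs the encoding for that context instead. Second, the third sink the advisory lists, the uploaded document itself, is not fixed by encoding at all: a stored HTML file that the server returns inline will be rendered as a page in the application’s origin, so it has to be served in a way the browser will not execute, for instance as an attachment.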

This vulnerability could be exploited in a large number of ways, such as session hijacking, key logging or social engineering; the main limitation is the creativity of the person performing the attack.

It should be noted that for this vulnerability to be exploited an attacker would need to be a user of the application or to have compromised a user account.

Meridio have addressed this vulnerability and implemented a fix in version 4.3 SR1 and higher.

The full security advisory can be found here: [1] [2]