Tuesday, March 5, 2013

SQLi in Cisco.com

Its been a while.
Nothing much going to bubbling here :/
Just want to share with you guys with my recent finding on Cisco. There's a SQLi bug in one of their application.

The bug exist at the forgotpassword page in one of their public application which I bet quite important.The parameter affected is UserName

The error appear once we put a single quote (')

We can use Blind SQLi Technique on this. :)

Disclosure :
Found date                 - 19/12/2012
Reported date             - 20/12/2012
Vendor responded but no news after 31/12/2012 (busy with holiday?)
Again reported            - 18/02/2013
CSIRT Team replied   - 19/02/2013
Bug fixed                    - 01/03/2013
Public disclosure         - 06/03/2013