RINGJORDAN SQL Injection Time-Line Vulnerability ----------------------- 02-12-2013 Security Advisory No response-No FeedBack 12-12-2013 Full Disclosure I. VULNERABILITY------------------------- #Title: RINGJORDAN SQL Injection #Vendor:http://www.ringjordan.com/ #Author:Juan Carlos García (@secnight) #Follow us @habemuscurso II. DESCRIPTION Ring Jordan is a Value Added Services (VAS) Company for the GSM and landline operators in Jordan. The company started operating in October of 2003 and is considered to be a leader in the Interactive Voice Recognition (IVR) field. Along with its IVR services, Ring Jordan was able to provide SMS service to its customers to proceed in its goal of offering innovative, credible and reliable communication and information. Ring Jordan's mission is to provide a wide range of services that include information and entertainment for all its users. Ring Jordan seeks to improve and enhance the mobile experience whether for GSM or landline users. III. PROOF OF CONCEPT Blind SQL Injection Vulnerability description SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. Mitigation---------------------------------- Parameterized statementsEnforcement at the coding levelEscaping Impact of this vulnerability---------------------------- Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password. Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability. Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack. Attack details 1- Go to Admin-Login Panel http://www.ringjordan.com/AdminLogin.asp 2- Login as User: ' OR 'A'='A Pass: ' OR 'A'='A "Welcome Zxxxxxxxx " Login as User: ' or '1'='1' -- ' Pass: ' or '1'='1' -- ' "Welcome Zxxxxx " Use your imagination ... :-) !!! IV. CREDITS------------------------- This vulnerability has been discoveredby Juan Carlos García (@secnight) VII. LEGAL NOTICES------------------------- The Author accepts no responsibility for any damagecaused by the use or misuse of this information.