SQL injection vulnerability found in media image files
Hello Team,
We found a SQL injection vulnerability when opening any media image file from the media folder, as mentioned below.
Affected URL below:
https://our website name/media/6142/indexdiversitygroup.jpg?width=1400&mode=crop&height=%27and(select*from(select(Sleep(5)))a)----+
Is it expected behaviour, or a bug/issue in the Umbraco core?
We are using Umbraco version 7.15.3.
Please let me know.
Hi,
I just tried the parameters on a media item on an internal site. I couldn't see any issues, or a 5 second sleep.
How do you classify this as a "SQL injection vulnerability"?