Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Avira.com SQL Injection and Security Filter Bypassing

Cyber Security Analyst Ebrahim Hegazy has found an Avira.com SQL Injection vulnerability, Avira.com is the famous Avira Antivirus vendor’s web site. Ebrahim Hegazy(@Zigoo0) Cyber Security Analyst Consultant @ Q-CERT who found a SQL Injection in Yahoo! about two months ago, has found a new SQL Injection vulnerability in Avira.com the famous Avira Antivirus vendor. The […]

Avira.com SQL Injection and Security Filter Bypassing

Cyber Security Analyst Ebrahim Hegazy has found an Avira.com SQL Injection vulnerability, Avira.com is the famous Avira Antivirus vendor’s web site.

Ebrahim Hegazy(@Zigoo0) Cyber Security Analyst Consultant @ Q-CERT who found a SQL Injection in Yahoo! about two months ago, has found a new SQL Injection vulnerability in Avira.com the famous Avira Antivirus vendor. The Avira.com SQL Injection allows remote attackers to inject own SQL commands to breach the database of Avira.com vulnerable application and get access to the user data or other data stored in inside the Database.

Zigoo0 succeeded to bypass the filter used in Avira.com website to block SQL Injection discovery attempts.

“When I try to manipulate the parameters by adding ‘ Single Qution to the Parameter value to figure out if the parameter is vulnerable to SQLI or no, I got redirected to the main page(filter detection), So I tried the back-slash instead \ and it works with an SQL error appeared. It means that the filter used to block SQL Injection discovery attempts is not behavior based filter but is a black/white word list based!” Zigooo revealed.

Zigoo0 sent me a video as a Proof of concept for the Avira.com SQL Injection vulnerability:

Avira.com SQL Injection

The time line for the Avira.com SQL Injection vulnerability is:

2013-05-25:    Vendor Notification
2013-05-31:    Vendor Fix/Patch

I decided to publish the news despite the Avira.com SQL Injection vulnerability has been fixed for two main reasons:

First I desire to highlight the prompt reply of Avira firm that fixed the flaw in a few days, this is not common as demonstrated by recent events and data breaches.

Second we must consider that  SQL Injection vulnerabilities are responsible for a meaningful portion of observed attacks and the security teams and system administrators have to consider this category of vulnerabilities with great attention.

To have an idea of the number of attacks that exploit this kind of flaw I propose an interesting statistics published on Hackmageddon.com web site and related to the period Gen-May 2013.

“The Distribution of Attack Techniques assigns to the SQL injection the crown of the most used weapon for the month of May. DDoS is “only” at the third place with the half of occurrences. It is interesting to notice the high rate of attacks made by mean of account hijacking, at number four with the 12% of occurrences. a clear consequence of the long trail of high-profile attacks perpetrated by the Syrian Electronic Army.”

H1 2013 technoques for cyberattacks

Pierluigi Paganini

(Security Affairs –  Avira.com SQL Injection)