[Sony] SQL Injection Through User-Agent Header
Original Post:
We discussed this vulnerability during Episode 91 on 18 October 2021
The fundamental issue is as basic as it gets: one of the first attacks many budding hackers learn is ' or 1=1 in a login page.
This was a SQLi in the username of a login form, taken a little further by enabling xp_cmdshell and gaining code execution.
While it's not an unheard-of attack, it is uncommon to see SQL injection be so directly leveraged for RCE these days.