1

I am looking for some java applications (other than Manage Engine) vulnerable to Blind SQL Injection attacks for Authentication Bypass. I explored exploitdb and others but didn't find anything interesting.

Can anybody help me with some links of Java based applications vulnerable to Blind SQL injection attacks along with POC steps.

Thank you.

Improve this question

1 Answer 1

Reset to default
2

There are a lot of (blind) SQL injections in various ManageEngine software. For example you could train on ManageEngine Application Manager before 13730 which has at least one affecting "AMUserResourcesSyncServlet" :

https://manageenginesales.co.uk/news/manageengine-applications-manager-build-13730-released/

It is a blind SQL injection, however dumping data may not be the ultimate goal. It is possible to achieve RCE using PostgreSQL capabilities (default backend provided by manageengine), such as UDF for example. I think this vulnerability has been widely documented :-)

You can download the vulnerable software here: https://archives.manageengine.com/applications_manager/

Improve this answer
1
  • Thank you @meik for your response. I have actually done this for ManageEngine but unable to find anyother java based application. Can you help me with that please? Sorry not to include this in post earlier.
    – aneela
    Commented Feb 25, 2021 at 10:12

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.