Hacking IETF

Description of the Discovered Bug: Reflected XSS in IETF System

Bug Name: Reflected Cross-Site Scripting (XSS)

Severity: Critical

Description: A critical vulnerability, identified as a Reflected Cross-Site Scripting (XSS), has…

Hacking ICANN

Description of the Discovered Bug: Blind SQL Injection in ICANN System

Bug Name: Blind SQL Injection

Severity: Critical

Description: A critical vulnerability, identified as a Blind SQL Injection, has been discovered in the ICANN system. This security flaw allows an attacker to inject malicious SQL queries into the database through seemingly innocent user inputs. As a result, unauthorized access to the database was gained, leading to the exposure of sensitive information.

Impact: The exploitation of this blind SQL injection vulnerability has far-reaching consequences, including:

  • Unauthorized Database Access: Full access to the database was achieved, allowing the attacker to read, modify, and delete data at will.
  • Exposure of Sensitive Information: All user data stored in the database, including personal information and credentials, was compromised.
  • Compromise of Website Secret Keys: Critical secret keys used for securing various functionalities of the website were exposed, putting the entire system's integrity and security at risk.

Technical Details: Blind SQL injection attacks exploit web application vulnerabilities by inserting malicious SQL statements into an input field. Unlike standard SQL injection, blind SQL injection does not directly return data. Instead, the attacker infers information by analyzing the application's responses to the crafted queries.

In this particular instance, the blind SQL injection was exploited through a vulnerable parameter in the ICANN web application. By systematically injecting SQL payloads and observing the server's responses, the attacker successfully bypassed input validation and gained unauthorized access to the database.
