nGenuity Information Services » 2009 » August

Aug 14 2009

Blind SQL Injection in playfoursquare.com

I stumbled upon a fun little sql injection in playfoursquare the other day. I notified them but have not heard back, but it appears it has been addressed so here are the details.

     It was possible to inject specially crafted SQL into the cookie "cookieCityID"
     which provides 

     If you set the cookie to the value below the query will take roughly 5-7
     seconds to return with this "True" condition (1=1).

     (SELECT IF(1=1,BENCHMARK(1000000,SHA1(1)),0))

     If you change the logic condition to 1=0 (False) the query returns
     immediately demonstrating that blind SQL injection is possible.

     (SELECT IF(1=0,BENCHMARK(1000000,SHA1(1)),0))

III. REFERENCES
     [1] - http://playfoursquare.com

Copyright (c) 2009 nGenuity Information Services, LLC

Tags: blind sqli, playfoursquare, sqli, webappsec

Filed in Web Application Security | Adam Baldwin | Comments Off

Categories
- Advisories (14)
- Authentication (4)
- Awareness (2)
- Business Continuity (2)
- conference (1)
- Events (3)
- Finance (1)
- Healthcare (3)
- JavaScript (1)
- nGenuity News (3)
- Phishing (3)
- privacy (1)
- Realty (2)
- Security (5)
- Sense of Security (2)
- Social Engineering (3)
- Software as a Service (1)
- Telecommunications (2)
- Uncategorized (3)
- Web Application Security (24)
August 2009

M T W T F S S

« Jul Sep »

1 2

3 4 5 6 7 8 9

10 11 12 13 14 15 16

17 18 19 20 21 22 23

24 25 26 27 28 29 30

31

August 2009
M	T	W	T	F	S	S
« Jul				Sep »
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Security for the A.D.D generation

Blind SQL Injection in playfoursquare.com

Categories