e:["$","div",null,{"suppressHydrationWarning":true,"className":"max-w-screen overflow-hidden bg-asmPageTopBG bg-repeat-space bg-cover","children":["$","$L17",null,{"blok":{"_uid":"cb152be4-417a-4aef-9712-8494a3155411","body":[{"_uid":"4edbefe1-ae1d-43b7-8adc-d16a6e03346e","component":"global_header","reference":[{"name":"Navigation","created_at":"2025-12-29T16:21:06.224Z","published_at":"2025-12-10T18:12:48.651Z","updated_at":"2025-12-29T16:21:06.224Z","id":128350888873003,"uuid":"a01aed2a-fcd9-445e-ba4f-1e207f311d2b","content":{"_uid":"888f9d58-d099-4867-a1db-115cd704c6d4","global":[{"Nav":[{"_uid":"ba481eb4-d534-400f-b77a-aa26ad4718d2","name":"Products","title":"All Products","Navitems":[{"url":{"id":"5ba4d0b3-4dad-41b8-bbc3-6b1183a20287","url":"","linktype":"story","fieldtype":"multilink","cached_url":"attack-surface-management"},"_uid":"9960bd3d-1982-4572-a3bb-75cb0886b040","icon":{"id":21241298,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/a88052a5e6/asm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Attack Surface Management","subtitle":"Get a hacker’s view of your known & unknown assets and exposures.","component":"Headernavitem","_editable":""},{"url":{"id":"14293fda-cbfc-4292-889b-ac1fe826e69d","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-intelligence"},"_uid":"8700128b-0f30-4730-8a02-e8fb31f3527b","icon":{"id":21241294,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/7c5a26d895/vi.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Intelligence","subtitle":"Cybersecurity strategy with timely, contextual, & predictive insights.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"cbaff37c-0c5e-457a-a014-64e2a1a1579d","name":"Solutions","title":"All Solutions","Navitems":[{"url":{"id":"1fe67f71-dca0-4ae7-8086-45424812c7c2","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-management"},"_uid":"554e3dd3-c9f2-41ac-96f3-a4cfc227ecd5","icon":{"id":21241299,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/e7370ee665/vm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Management","subtitle":"Manage evolving risks with continuous threat analysis.","component":"Headernavitem","_editable":""},{"url":{"id":"9385496e-0e96-409c-a551-1be788461163","url":"","linktype":"story","fieldtype":"multilink","cached_url":"penetration-testing"},"_uid":"33edd474-13a7-4ce7-b86b-caa079bdf644","icon":{"id":21323606,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/12dc098b21/pentest-1.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Penetration Testing","subtitle":"Test your defenses before an attacker exploits them.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"bc900e69-950c-40fb-91af-9d4742d9f48e","name":"Use Cases","title":"All Use Cases","Navitems":[{"url":{"id":"0aaf2b18-9d31-4dce-937b-3dbb24b44e5a","url":"","linktype":"story","fieldtype":"multilink","cached_url":"continous-attack-surface-reduction"},"_uid":"e3765180-6f96-40eb-9f64-215b33de28db","icon":{"id":21241305,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/834a67323c/casr.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Continuous Attack Surface Reduction","subtitle":"Continuous visibility into your attack surface for proactive mitigation.","component":"Headernavitem","_editable":""},{"url":{"id":"17c33595-9ad4-45cf-aa34-1d759f00f4d8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"assets-with-known-ransomware-exploitable-vulnerabilities"},"_uid":"f8a18872-047e-4ae1-91ce-e54afb29b485","icon":{"id":21448618,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/4a5cbbbb3f/assets.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Assets with Known Ransomware & Exploitable Vulnerabilities","subtitle":"Discover if you are exposed to known ransomware vulnerabilities or not.","component":"Headernavitem","_editable":""},{"url":{"id":"59a08f71-0be4-46cf-9b61-af87e90775de","url":"","linktype":"story","fieldtype":"multilink","cached_url":"network-application-vulnerability-management"},"_uid":"68ad5556-028e-42c4-8c40-5278f33da543","icon":{"id":21241295,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/0fcbc28b9d/navm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Network & Application Vulnerability Management","subtitle":"We scan, detect, analyze, & prioritize vulnerabilities in your network & apps.","component":"Headernavitem","_editable":""},{"url":{"id":"e357eb6c-b37f-42c2-8160-c55410d1c6fd","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-prioritization"},"_uid":"7e2e4250-652c-47cd-8118-25c56396cfee","icon":{"id":21448658,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/5582316119/vulnerability-priortization.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Prioritization","subtitle":"Prioritize vulnerabilities for quicker remediation.","component":"Headernavitem","_editable":""},{"url":{"id":"1f0dc561-50ef-4fbe-b051-11e113988951","url":"","linktype":"story","fieldtype":"multilink","cached_url":"network-infrastructure-penetration-testing"},"_uid":"79250bf9-09ba-4dea-86bd-f576850a3057","icon":{"id":21241302,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/a9a76f74bf/nipt.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Network & Infrastructure Penetration Testing","subtitle":"Penetration experts simulate real-world attacks on your environment.","component":"Headernavitem","_editable":""},{"url":{"id":"44727d2d-19cd-4f69-a329-ccef5b64a5a7","url":"","linktype":"story","fieldtype":"multilink","cached_url":"meet-your-compliance-requirements"},"_uid":"d1abf960-90ab-4e4a-8147-89d998b16f3b","icon":{"id":21448637,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/9e6ffcf73a/meet.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Meet your Compliance Requirements","subtitle":"Manage compliance requirements and test your security controls.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"ce844fb3-7d75-43ca-b03d-fc2d36f03121","link":{"id":"c801d107-dc40-4bc1-99ba-243fe92ceee1","url":"","linktype":"story","fieldtype":"multilink","cached_url":"partners"},"name":"Partners","title":"Partners","Navitems":[],"component":"Navigation","_editable":""},{"_uid":"65cfc6ff-bb0b-4ff4-bd69-f3ab676e570f","name":"Resources","title":"All Resources","Navitems":[{"url":{"id":"db92bf62-b3aa-4767-8c4d-f8e6a6588af8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"reports"},"_uid":"cce882f8-f607-4ed6-9f5d-7d967509161b","icon":{"id":21241293,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/e019aafb50/reports.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Reports","subtitle":"Your trusted source for comprehensive insights.","component":"Headernavitem","_editable":""},{"url":{"id":"71481572-d542-499b-ba96-cf7eb6530c95","url":"","linktype":"story","fieldtype":"multilink","cached_url":"press-releases"},"_uid":"726f54bb-f50b-4d15-a032-564bc3ece243","icon":{"id":21241296,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/31f000d7f1/mc.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Press Releases","subtitle":"Latest announcements from Securin.","component":"Headernavitem","_editable":""},{"url":{"id":"","url":"https://www.securin.io/articles","linktype":"url","fieldtype":"multilink","cached_url":"https://www.securin.io/articles"},"_uid":"a734e86d-446c-4740-9fd5-67cd33a6ddff","icon":{"id":21241300,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/4f16501ed6/articles.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Articles","subtitle":"Read about the latest news & updates in cybersecurity.","component":"Headernavitem","_editable":""},{"url":{"id":"58fb24b2-197b-40c9-b96c-917f20a5203c","url":"","linktype":"story","fieldtype":"multilink","cached_url":"media-coverage"},"_uid":"c5455cdc-c4aa-4a7c-a24e-5cb816ba10e3","icon":{"id":22191227,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/689424e016/media-coverage-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Media Coverage","subtitle":"See Securin in the news.","component":"Headernavitem","_editable":""},{"url":{"id":"e9406dca-295b-4e76-8a13-3b057260fbf8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"zero-days"},"_uid":"cd0d1ab4-7b63-433d-b14a-d20dd2029925","icon":{"id":22191228,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/16276d1e46/zero-days-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Zero Days","subtitle":"Zero days discovered by Securin as a CNA.","component":"Headernavitem","_editable":""},{"url":{"id":"f8a9fdba-9a79-4683-b055-196f6972b35f","url":"","linktype":"story","fieldtype":"multilink","cached_url":"ai-research-and-development"},"_uid":"cf2db2da-1796-4a63-9172-45e2fa707f4e","icon":{"id":23128701,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/100x100/98f24a7a21/ai-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"AI R&D","subtitle":"Transforming AI security","component":"Headernavitem","_editable":""},{"url":{"id":"294fda8c-1175-4451-a050-4bd6a905b4d5","url":"","linktype":"story","fieldtype":"multilink","cached_url":"glossary"},"_uid":"9ff4140b-e81b-4e52-98c2-acd88945ac3f","icon":{"id":119355095319110,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/2b0bf16205/whatsapp-image-2025-12-03-at-5-47-53-pm.jpeg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Glossary","subtitle":"Your essential cybersecurity glossary.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"4c1f8557-0141-4730-8f9f-53d1afccd253","name":"About Us","title":"About Us","Navitems":[{"url":{"id":"d50c67b9-5e79-4b73-b17e-64b2b62cd1c8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"overview"},"_uid":"ab8f54f9-4c47-47bd-8b3e-968740897e02","icon":{"id":21448402,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/9c403d1155/who-we-are.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Who We Are","subtitle":"Get to know us better!","component":"Headernavitem","_editable":""},{"url":{"id":"","url":"https://careers.securin.io/jobs/Careers","target":"_blank","linktype":"url","fieldtype":"multilink","cached_url":"https://careers.securin.io/jobs/Careers"},"_uid":"eaec0e73-d5ad-4a34-b535-54c2f6f45d70","icon":{"id":21448419,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/37c7256d56/career.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Careers","subtitle":"Come work with us.","component":"Headernavitem","_editable":""},{"url":{"id":"2de96d0f-a87b-4413-844a-afdc684462ee","url":"","linktype":"story","fieldtype":"multilink","cached_url":"patents"},"_uid":"99148571-68ba-4af3-a2b5-28df368679c5","icon":{"id":22748194,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/312x385/be4d582b51/securin-patent-1.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Patents","subtitle":"Our innovative cybersecurity patents .","component":"Headernavitem","_editable":""},{"url":{"id":"459c627c-58d2-4d3b-9041-a2c79e1452c9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"contact-us"},"_uid":"60f08250-27e1-4de0-b251-a4e241d593fa","icon":{"id":21448457,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/1cdadd4651/let-s-chat.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Let's Chat","subtitle":"Connect with our experts.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""}],"_uid":"2cf86c8f-c4a6-4a06-b37e-514864bee646","component":"GlobalNav","_editable":""}],"component":"Global","_editable":""},"slug":"navigation","full_slug":"global/navigation","sort_by_date":null,"position":-10,"tag_list":[],"is_startpage":false,"parent_id":128350878718819,"meta_data":null,"group_id":"7eece501-7a27-4c71-8033-d7a2ec2f9b6e","first_published_at":"2025-03-05T13:02:52.985Z","release_id":null,"lang":"default","path":null,"alternates":[],"default_full_slug":null,"translated_slugs":null,"_stopResolving":true}],"_editable":""},{"_uid":"806a061f-8c6a-4e76-a304-af973b8af6b0","lead":"CVE-2020-24600","image":{"id":22297366,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/382x407/a3f76caab5/critical.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"heading":"Securin Zero-Days","component":"Zero Days Hero","subheading":"SQL Injection in CAPExWeb","published_date":"2020-07-01 18:51","publisher_icon":{"id":22220984,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/1200x1200/1a1da75d1b/capexweb.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"_editable":""},{"_uid":"0d770317-59d6-43e5-8788-ba78d171568e","component":"Zero Days Table","TableColumn":[{"_uid":"a25557b9-165d-4112-bf09-32ed0f8d1e42","lead":"Shilpi","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Vendor","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"50ee0394-b48c-47d5-9b41-228354a9849b","lead":"CAPExWeb","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Affected Product","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"40105dfa-9801-4fc4-ae18-82c9bf7fa40f","lead":"CVE-2020-24600\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"CVE","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"ee77fdf5-489a-448e-8a8e-db9609e84050","lead":"2020-CSW-01-1038\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Securin ID","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"f6141e15-7269-43d7-9243-7a27ed9b1ecd","lead":"Fixed","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Status","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"af1bb479-00e0-48ac-a88a-94f10ab9bb9d","lead":"July 1, 2020\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Date","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""}],"_editable":""},{"_uid":"36698a31-a1f6-4d14-98e2-35dc4102085d","content":{"type":"doc","content":[{"type":"heading","attrs":{"level":3},"content":[{"text":"Description","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"The GET request parameters in servlet/capexweb.cap_sendMail are vulnerable to SQL Injection. An unauthenticated user can take over the database of the application.","type":"text","marks":[{"type":"textStyle","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Proof of Concept (POC):","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"The following vulnerability was tested on CAPExWeb version 1.1 Product.","type":"text"}]},{"type":"ordered_list","attrs":{"order":1},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Visit the /capexweb/capexweb URI on the server where the capexweb client is installed.","type":"text"}]}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221048,"alt":"","src":"https://a.storyblok.com/f/313778/975x500/bf31e46a61/fig-1.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-1: Default login page of the application.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"ordered_list","attrs":{"order":1},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Now, fill the login form with the wrong details and submit them.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":" ","type":"text"},{"type":"image","attrs":{"id":22221046,"alt":"","src":"https://a.storyblok.com/f/313778/442x183/e94f92d729/download-6.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-2: Login form with invalid credentials.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221045,"alt":"","src":"https://a.storyblok.com/f/313778/314x162/03311a1808/download-7.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-3: Response shows the credentials are invalid.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"ordered_list","attrs":{"order":2},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"From the error response, click on the “Forgot My User id or Password” link.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Note: We cannot navigate to the capforgotpassword.jsp directly, as the application takes the user id from the previously submitted request.","type":"text"}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221044,"alt":"","src":"https://a.storyblok.com/f/313778/975x395/6ade9023c0/fig-4.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-4: Response shows user-id as null if we navigate to capforgotpassword.jsp directly.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221043,"alt":"","src":"https://a.storyblok.com/f/313778/945x392/a9b2803bce/fig-5.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-5: Forgot password page with user-id value submitted in the login page. Now, click on the send request button.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"ordered_list","attrs":{"order":3},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"The browser sends the following request to the server.","type":"text"}]}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221047,"alt":"","src":"https://a.storyblok.com/f/313778/876x362/72cc4e4351/fig-6.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-6: Forgot password request","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221033,"alt":"","src":"https://a.storyblok.com/f/313778/975x432/36e60e83f1/fig-7.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-7: Response from the server for invalid user id.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221042,"alt":"","src":"https://a.storyblok.com/f/313778/975x212/f0a1de4dcc/fig-8.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-8: Replay of forgot password page with user-id value containing a single quote returns ORA string not properly terminated error message from the database.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221040,"alt":"","src":"https://a.storyblok.com/f/313778/975x193/7dcc3d1be9/fig-9.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-9: Replay of forgot password page with user-id value containing two quotes returns valid error message from the application.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221041,"alt":"","src":"https://a.storyblok.com/f/313778/975x207/fc4ad0fd4c/fig-10.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-10: Replay of forgot password page with user-id value contains comments to truncate the query after user-id returns missing right parenthesis from the database server.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221034,"alt":"","src":"https://a.storyblok.com/f/313778/975x213/8e224f59bf/fig-11.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-11: Replay of forgot password page with user-id value contains a single quote and right parenthesis returns quoted string not properly terminated error message from the database server.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221038,"alt":"","src":"https://a.storyblok.com/f/313778/975x200/b8f9a18844/fig-12.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-12: Replay of forgot password page with user-id value contains a single quote, right parenthesis, and comment returns missing right parenthesis error message from the database server.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"text":"Note:","type":"text","marks":[{"type":"bold"}]},{"text":" After analyzing the responses for different payloads, the payload needs two right parentheses to work.","type":"text"}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221035,"alt":"","src":"https://a.storyblok.com/f/313778/975x219/685dbe6f43/fig-13.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-13: Replay of forgot password page with user-id value contains a single quote, two right parentheses, and comment returns a valid error message from the application.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"text":"Note:","type":"text","marks":[{"type":"bold"}]},{"text":" The proper execution of functionality sends an email or SMS to the user. In production servers, checking this issue may impact all the users. As we do not have a valid user id, trying for always real conditions impacts all the users in the application. So, to minimize the impact on one user, use the ROWNUM condition.","type":"text"}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221032,"alt":"","src":"https://a.storyblok.com/f/313778/975x219/9e06e8ed78/fig-14.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-14: Request with ROWNUM condition as part of the payload.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221037,"alt":"","src":"https://a.storyblok.com/f/313778/975x366/2ca93f7097/fig-15.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-15: User id value with always true condition and ROWNUM condition does not show invalid user id or pan.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221036,"alt":"","src":"https://a.storyblok.com/f/313778/975x366/22a98515f7/fig-16.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-16: The payload XORXX’)) or%201=ctxsys.drithsx.sn (1, (select%20sys.stragg(distinct%20banner)%20from%20v$version))– in request to retrieve the data from the database in error information.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22221039,"alt":"","src":"https://a.storyblok.com/f/313778/755x255/03d13c80f1/fig-17.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure-17: The available databases in the Oracle database server.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Impact","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business.","type":"text","marks":[{"type":"textStyle","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Remediations","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"Use parameterized queries when dealing with SQL queries that contain user input. Parameterized queries allow the database to understand which parts of the SQL query should be considered as user input, therefore solving SQL injection.","type":"text","marks":[{"type":"textStyle","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Timeline","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph"}]},"component":"Zero Days Content","_editable":""},{"_uid":"d23431e6-b0c4-4b31-b8ef-7fc30f713473","component":"Timeline Content","TimelineItems":[{"_uid":"a880c229-3198-4aa2-ab58-4233b09bfa7c","lead":"Discovered in our research lab\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"July 01, 2020","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"e96e3743-d5ac-44dc-9875-d87aaa6fd007","lead":"Followed up with the Vendor\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"July 17, 2020","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"88f4261a-bbfc-4d1c-b625-0184fe61c4cf","lead":"Followed up with the Vendor","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"July 29, 2020","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"0ab38f57-0093-4377-94d4-99c05a006daa","lead":"Informed CERT-in about the vulnerability","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"October 7, 2020","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"e608ae8b-bb23-4346-9de4-cfd174becc2a","lead":"CERT-in confirmed the vulnerability fix\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"November 27, 2020","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""}],"_editable":""},{"_uid":"7f1fa798-d559-4e8d-acba-4b5158cf64f2","icon":{"id":22108202,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/54x69/75ce3828b1/zerodaysfc.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"text":"Let Securin level up your security posture!","component":"Zero Days Footer CTA","buttonLink":{"id":"459c627c-58d2-4d3b-9041-a2c79e1452c9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"contact-us"},"buttonText":"Start Now","_editable":""},{"_uid":"c80c46e2-704d-4662-b20a-4f2afeaf2950","component":"global_reference","reference":[{"name":"Footer","created_at":"2025-12-29T16:21:06.224Z","published_at":"2025-09-25T08:28:11.663Z","updated_at":"2025-12-29T16:21:06.224Z","id":128350888873002,"uuid":"dab2b928-0fc3-4089-80b3-767d414eae87","content":{"_uid":"78c16d78-9604-4304-8964-fb9c971cec17","global":[{"_uid":"c38a57d1-6019-4662-ac0d-4ff9dc3d2700","items":[{"_uid":"1321a724-b4f0-4637-b2d7-4d958f76bcb7","text":"Securin helps leaders continuously improve their security posture. We work as an extension of your team to better protect your organization.","image":{"id":21111115,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/196x43/202124087b/securinlogo.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"FooterColumn1","sociallinks":[{"url":{"id":"","url":"https://www.facebook.com/securininc/","linktype":"url","fieldtype":"multilink","cached_url":"https://www.facebook.com/securininc/"},"_uid":"483fbfd4-d5de-4cfc-930a-99ad920c9b51","image":{"id":21111123,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/31d436da9a/facebook.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.linkedin.com/company/securin-inc","linktype":"url","fieldtype":"multilink","cached_url":"https://www.linkedin.com/company/securin-inc"},"_uid":"fd906267-1e23-41b9-8453-c00359787bc4","image":{"id":21111126,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/d1c9e6c6b2/linkedin.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://x.com/securin_inc","linktype":"url","fieldtype":"multilink","cached_url":"https://x.com/securin_inc"},"_uid":"023d62af-458f-4af0-b057-c421664bc550","image":{"id":21111125,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/7fa2bcc6d1/x.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.youtube.com/channel/UCUbeF1KnED2KR87b74moVng","linktype":"url","fieldtype":"multilink","cached_url":"https://www.youtube.com/channel/UCUbeF1KnED2KR87b74moVng"},"_uid":"27bc3da1-b1bf-452b-899b-f726e0573785","image":{"id":21111124,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/5bab65fc1e/yt.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.instagram.com/securininc/","linktype":"url","fieldtype":"multilink","cached_url":"https://www.instagram.com/securininc/"},"_uid":"bca52616-0b28-48b1-9ff5-78da89049b91","image":{"id":21111122,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/e2b9a06f92/instagram.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""}],"_editable":""},{"_uid":"0550b47c-24a0-4335-a246-a44b5447a111","email":"info@securin.io","phone":"+1 844-391-2089","title":"Contact Us","address":"2440 Louisiana Blvd NE #560, Albuquerque, NM 87110","component":"FooterColumn2","_editable":""},{"_uid":"4261e9fd-90be-43ba-989c-b18bf214df1a","Title":"Solutions","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"5ba4d0b3-4dad-41b8-bbc3-6b1183a20287","url":"","linktype":"story","fieldtype":"multilink","cached_url":"attack-surface-management"},"_uid":"4b5af435-681f-4ddf-a514-d42f5b500594","text":"Attack Surface Management","component":"FooterLink","_editable":""},{"url":{"id":"14293fda-cbfc-4292-889b-ac1fe826e69d","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-intelligence"},"_uid":"05012d2c-7e65-4796-abfe-cec840dcec79","text":"Vulnerability Intelligence","component":"FooterLink","_editable":""},{"url":{"id":"1fe67f71-dca0-4ae7-8086-45424812c7c2","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-management"},"_uid":"0c3f0709-675a-401a-b6aa-cdddae9f88de","text":"Vulnerability Management","component":"FooterLink","_editable":""},{"url":{"id":"9385496e-0e96-409c-a551-1be788461163","url":"","linktype":"story","fieldtype":"multilink","cached_url":"penetration-testing"},"_uid":"a11c509a-3975-4115-9b5b-17fad5298c18","text":"Penetration Testing","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"9bdee094-39b9-4230-8c02-a2bfb41f6f2e","Title":"Resources","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"","url":"https://www.securin.io/articles","linktype":"url","fieldtype":"multilink","cached_url":"https://www.securin.io/articles"},"_uid":"3d29a8a0-0be1-4d0e-891e-6c1e17171484","text":"Articles","component":"FooterLink","_editable":""},{"url":{"id":"db92bf62-b3aa-4767-8c4d-f8e6a6588af8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"reports"},"_uid":"0e1baf58-1d99-4a31-b715-20c0014c0c7f","text":"Reports","component":"FooterLink","_editable":""},{"url":{"id":"71481572-d542-499b-ba96-cf7eb6530c95","url":"","linktype":"story","fieldtype":"multilink","cached_url":"press-releases"},"_uid":"c7cc1a4b-a94e-4152-89f8-9de0b70693b8","text":"Press Releases","component":"FooterLink","_editable":""},{"url":{"id":"58fb24b2-197b-40c9-b96c-917f20a5203c","url":"","linktype":"story","fieldtype":"multilink","cached_url":"media-coverage"},"_uid":"05496d03-da7f-4506-96b9-5cecdb65a5ad","text":"Media Coverage","component":"FooterLink","_editable":""},{"url":{"id":"e9406dca-295b-4e76-8a13-3b057260fbf8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"zero-days"},"_uid":"ecbd6fa6-92c0-4bc0-842a-93703b0447a4","text":"Zero Days","component":"FooterLink","_editable":""},{"url":{"id":"f8a9fdba-9a79-4683-b055-196f6972b35f","url":"","linktype":"story","fieldtype":"multilink","cached_url":"ai-research-and-development"},"_uid":"bfa230aa-d0e3-461b-b426-e6630fdc0c69","text":"AI R&D","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"fee5eb9a-d971-4764-b21c-bc91df2b059c","Title":"Company","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"d50c67b9-5e79-4b73-b17e-64b2b62cd1c8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"overview"},"_uid":"4d9f8089-31c1-4a0b-884c-f3f95e198df7","text":"Who We Are","component":"FooterLink","_editable":""},{"url":{"id":"b50e02db-acf6-421f-9818-eeb29d991537","url":"","linktype":"story","fieldtype":"multilink","cached_url":"careers"},"_uid":"77b87ac9-8c7a-448a-96ee-4a92183f9792","text":"Careers","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"e387cd83-c5ac-49d4-92ce-e9e9bcce9e7e","links":[{"url":{"id":"7fc51f60-331b-42d5-bb41-4b190aca7e66","url":"","linktype":"story","fieldtype":"multilink","cached_url":"privacy-policy"},"_uid":"b6e10f1b-9d8b-419c-9ce2-e5a621144105","text":"Privacy Policy","component":"FooterLink","_editable":""},{"url":{"id":"b30581f8-32a0-467a-a935-eda15bf6d9e9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"customer-agreements"},"_uid":"3346f5e4-a947-44e0-9ed7-c4ff38a42e30","text":"Customer Agreements","component":"FooterLink","_editable":""},{"url":{"id":"","url":"","linktype":"story","fieldtype":"multilink","cached_url":""},"_uid":"718dc509-b52a-4050-a565-2ed72524f0ff","text":"Sitemap","component":"FooterLink","_editable":""}],"component":"FooterBottom","copyright":"© Copyright 2025 Securin. All Rights Reserved.","_editable":""}],"component":"GlobalFooter","FooterBottom":[{"_uid":"c31edcc5-d2cb-4d2c-b4d6-c91225c9cee8","links":[{"url":{"id":"7fc51f60-331b-42d5-bb41-4b190aca7e66","url":"","linktype":"story","fieldtype":"multilink","cached_url":"privacy-policy"},"_uid":"aa9fd59a-54a5-4be0-881e-566b063eea06","text":"Privacy Policy","component":"FooterLink","_editable":""},{"url":{"id":"b30581f8-32a0-467a-a935-eda15bf6d9e9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"customer-agreements"},"_uid":"b1904ce9-2542-4525-8c04-9c3576c62afa","text":"Customer Agreements","component":"FooterLink","_editable":""}],"component":"FooterBottom","copyright":"© Copyright 2025 Securin. All Rights Reserved.","_editable":""}],"_editable":""}],"component":"Global","_editable":""},"slug":"footer","full_slug":"global/footer","sort_by_date":null,"position":0,"tag_list":[],"is_startpage":false,"parent_id":128350878718819,"meta_data":null,"group_id":"f7518288-834a-4090-94b8-8ef3b2143a8c","first_published_at":"2025-02-26T08:19:02.299Z","release_id":null,"lang":"default","path":null,"alternates":[],"default_full_slug":null,"translated_slugs":null,"_stopResolving":true}],"_editable":""}],"component":"page","datasheet":{"id":"","url":"","linktype":"story","fieldtype":"multilink","cached_url":""},"metafields":{"_uid":"b0337aeb-a0cb-4d33-a404-50b260abfbed","title":"CVE-2020-24600: SQL Injection in Shilpi CAPExWeb 1.1","plugin":"seo_metatags","og_image":"https://a.storyblok.com/f/313778/1200x1200/1ff571cfe8/securin-thumb.jpg","og_title":"CVE-2020-24600: SQL Injection in Shilpi CAPExWeb 1.1","description":"Securin reports CVE-2020-24600—a critical SQL injection flaw in Shilpi CAPExWeb 1.1. Learn about risks, PoC, and mitigation steps.","twitter_image":"https://a.storyblok.com/f/313778/1200x1200/1ff571cfe8/securin-thumb.jpg","twitter_title":"CVE-2020-24600: SQL Injection in Shilpi CAPExWeb 1.1","og_description":"Securin reports CVE-2020-24600—a critical SQL injection flaw in Shilpi CAPExWeb 1.1. Learn about risks, PoC, and mitigation steps.","twitter_description":"Securin reports CVE-2020-24600—a critical SQL injection flaw in Shilpi CAPExWeb 1.1. Learn about risks, PoC, and mitigation steps."},"_editable":""}}]}]