Possible Generic SQL Injection (blind, time based)
Created by: m-a-r-c-o
We use GitLab on a dedicated Debian 7 server within our research group at work. The company network is automatically scanned for vulnerabilities by a Nessus scanner. Some days ago this scanner found a possible vulnerability on our GitLab 7.7.1 (03087bf) installation:
Nessus Output:
Port: 443/tcp Using the GET HTTP method; Nessus found that :
+ The following resources may be vulnerable to blind SQL injection (time based) :
+ The 'utf8' parameter of the /git-docs-and-misc/sandbox/issues/3 CGI : /git-docs-and-misc/sandbox/issues/3?_method=patch&utf8=%e2%9c%93%20AND%200%20IN%20(SELECT%20SLEEP(21))%20--%20
-------- output --------
<!DOCTYPE html> <html lang='en'> <head> <meta charset='utf-8'> <meta content='GitLab Community Edition' name='description'> <title> Git Docs and Misc / Sandbox | GitLab </title> <link href="/assets/favicon-baaa14bade1248aa6165e9d34e7d83c0.ico" [...] [...]
------------------------
My Ruby/Rails skills are currently very limited, so I don't feel like I'm able to solve this on my own. Is there anybody here who can check if this is a real problem or a false positive?
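The Nessus finding above is a time-based check: the scanner appends a SLEEP(21) expression to the utf8 parameter and reports the resource if the response was slow. One way a server operator can triage such a report without touching the application code is to look at the server's own access logs for those requests and compare the measured response time with the delay the payload asked for. If a request carrying SLEEP(21) came back in a fraction of a second, the expression never reached a database query, which points to a false positive; if response times track the injected delay, the finding should be treated as real. The following Ruby script is an added example and is not code from the original post or from GitLab. It assumes an Apache combined log format with a trailing response-time field in microseconds (as mod_log_config's %D would emit); the log lines, IP addresses and timestamps are constructed samples.

```ruby
require "cgi"

# Constructed sample access log (Apache combined format plus a trailing
# response time in microseconds). Not taken from the page; the first request
# reuses the path and payload that Nessus reported, the third is a second
# constructed payload against a hypothetical /search endpoint.
SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [10/Feb/2015:10:01:02 +0100] "GET /git-docs-and-misc/sandbox/issues/3?_method=patch&utf8=%e2%9c%93%20AND%200%20IN%20(SELECT%20SLEEP(21))%20--%20 HTTP/1.1" 200 5120 "-" "Nessus" 312000
  10.0.0.5 - - [10/Feb/2015:10:01:03 +0100] "GET /git-docs-and-misc/sandbox/issues/3?_method=patch&utf8=%e2%9c%93 HTTP/1.1" 200 5120 "-" "Nessus" 298000
  10.0.0.7 - - [10/Feb/2015:10:02:10 +0100] "GET /search?q=foo%27%3B%20SELECT%20pg_sleep(5)%3B-- HTTP/1.1" 200 900 "-" "curl/7.38" 5104000
LOG

# Apache combined log line with one extra numeric field (%D) at the end.
LOG_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>\S+) (?<target>\S+) [^"]*" (?<status>\d+) \S+ "[^"]*" "(?<ua>[^"]*)" (?<micros>\d+)\z/

Finding = Struct.new(:ip, :path, :param, :decoded, :delay, :elapsed, :verdict,
                     keyword_init: true)

# Split a raw query string into decoded [name, value] pairs. CGI.unescape is
# used instead of URI.decode_www_form because it tolerates malformed
# %-sequences, which scanner traffic often contains.
def parse_query(query)
  query.to_s.split("&").map do |pair|
    name, value = pair.split("=", 2)
    [CGI.unescape(name.to_s), CGI.unescape(value.to_s)]
  end
end

# Return the delay (in seconds) a time-based payload asks the database for,
# 0.0 for BENCHMARK()-style payloads whose duration is not fixed, or nil when
# the value carries no such expression.
def injected_delay_seconds(value)
  if (m = value.match(/\b(?:SLEEP|pg_sleep)\s*\(\s*(\d+(?:\.\d+)?)/i))
    m[1].to_f
  elsif (m = value.match(/WAITFOR\s+DELAY\s+'(\d+):(\d+):(\d+)'/i))
    m[1].to_i * 3600 + m[2].to_i * 60 + m[3].to_i
  elsif value.match?(/\bBENCHMARK\s*\(/i)
    0.0
  end
end

# Walk the log, decode every query parameter, and for each time-based payload
# compare the requested delay with the response time the server recorded.
#   :delay_observed -> latency tracks the injected sleep; treat as real
#   :no_delay       -> sleep never executed; likely a false positive
#   :unknown_delay  -> payload has no fixed duration; needs manual review
def triage_log(log_text)
  log_text.each_line.flat_map do |line|
    m = LOG_RE.match(line.strip)
    next [] unless m

    path, _sep, query = m[:target].partition("?")
    elapsed = m[:micros].to_i / 1_000_000.0

    parse_query(query).filter_map do |param, value|
      delay = injected_delay_seconds(value)
      next unless delay

      verdict =
        if delay > 0 && elapsed >= delay * 0.9 then :delay_observed
        elsif delay > 0 then :no_delay
        else :unknown_delay
        end

      Finding.new(ip: m[:ip], path: path, param: param, decoded: value,
                  delay: delay, elapsed: elapsed, verdict: verdict)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  triage_log(SAMPLE_LOG).each do |f|
    printf("%-16s %-40s param=%-6s delay=%5.1fs elapsed=%6.3fs -> %s\n",
           f.ip, f.path, f.param, f.delay, f.elapsed, f.verdict)
  end
end
```

Run against the constructed sample, the Nessus request on issues/3 asked for a 21-second sleep but completed in about 0.3 seconds, so it is reported as :no_delay, while the constructed /search request took just over the 5 seconds its payload requested and is reported as :delay_observed. On a real server the same comparison over the scanner's actual requests is the quickest way to decide whether the Nessus report deserves a code review or can be closed as a false positive.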