Py-Membres 4.x – ‘Pass_done.php’ SQL Injection

Py-Membres 4.x – ‘Pass_done.php’ SQL Injection

漏洞ID 1054125 漏洞类型
发布时间 2003-08-26 更新时间 2003-08-26
图片[1]-Py-Membres 4.x – ‘Pass_done.php’ SQL Injection-安全小百科CVE编号 N/A
图片[2]-Py-Membres 4.x – ‘Pass_done.php’ SQL Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23061
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8500/info

A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries.

It has been reported that an input validation error exists in the pass_done.php file included with Py-Membres. Because of this, a remote attacker may launch SQL injection attacks through the software. 

http://www.example.com/pass_done.php?Submit=1&email='%20OR%203%20IN%20(1,2,3)%20INTO%20OUTFILE%20'/complete/path/file.txt

相关推荐: Gnut Gnutella Client Arbitrary Script Code Execution Vulnerability

Gnut Gnutella Client Arbitrary Script Code Execution Vulnerability 漏洞ID 1102963 漏洞类型 Input Validation Error 发布时间 2001-08-30 更新时间 2…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享