Py-Membres 4.x – ‘Pass_done.php’ SQL Injection

18次阅读
没有评论

Py-Membres 4.x – ‘Pass_done.php’ SQL Injection

漏洞ID 1054125 漏洞类型
发布时间 2003-08-26 更新时间 2003-08-26
Py-Membres 4.x - 'Pass_done.php' SQL InjectionCVE编号 N/A
Py-Membres 4.x - 'Pass_done.php' SQL InjectionCNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23061
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8500/info

A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries.

It has been reported that an input validation error exists in the pass_done.php file included with Py-Membres. Because of this, a remote attacker may launch SQL injection attacks through the software. 

http://www.example.com/pass_done.php?Submit=1&email='%20OR%203%20IN%20(1,2,3)%20INTO%20OUTFILE%20'/complete/path/file.txt

相关推荐: Gnut Gnutella Client Arbitrary Script Code Execution Vulnerability

Gnut Gnutella Client Arbitrary Script Code Execution Vulnerability 漏洞ID 1102963 漏洞类型 Input Validation Error 发布时间 2001-08-30 更新时间 2…

正文完
 0