Flying Dog Software Powerslave 4.3 Portalmanager – ‘sql_id’ Information Disclosure

Flying Dog Software Powerslave 4.3 Portalmanager – ‘sql_id’ Information Disclosure

漏洞ID 1054174 漏洞类型
发布时间 2003-09-19 更新时间 2003-09-19
图片[1]-Flying Dog Software Powerslave 4.3 Portalmanager – ‘sql_id’ Information Disclosure-安全小百科CVE编号 N/A
图片[2]-Flying Dog Software Powerslave 4.3 Portalmanager – ‘sql_id’ Information Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23163
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8659/info

It has been reported that Powerslave Portalmanager is prone to an information disclosure issue that may allow remote attackers to gain access to sensitive information about the underlying database structure. The problem is reported to exist in the sql_id parameter. An attacker may insert malformed SQL queries in sql_id, resulting in the software generating an error message and disclosing sensitive database information. Although unconfirmed attackers may also be able to execute arbitrary SQL commands under certain circumstances.

Successful exploitation of this vulnerability may allow an attacker to disclose sensitive information about the database that may be used to launch further attacks against a vulnerable system.

Powerslave version 4.3 is reported to be prone to this vulnerability, however other versions may be affected as well.

http://www.example.com/powerslave,id,10;,nodeid,,_language,uk.html
|
|- ; or modified querys
and table-numbers.

Error: Could't find article!
SELECT example_table.* FROM example_table WHERE example_table.ID=10;

相关推荐: D-Forum Remote File Include Vulnerability

D-Forum Remote File Include Vulnerability 漏洞ID 1100835 漏洞类型 Input Validation Error 发布时间 2003-02-18 更新时间 2003-02-18 CVE编号 N/A CNNVD…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享