Flying Dog Software Powerslave 4.3 Portalmanager – ‘sql_id’ Information Disclosure

20次阅读
没有评论

Flying Dog Software Powerslave 4.3 Portalmanager – ‘sql_id’ Information Disclosure

漏洞ID 1054174 漏洞类型
发布时间 2003-09-19 更新时间 2003-09-19
Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information DisclosureCVE编号 N/A
Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information DisclosureCNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23163
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8659/info

It has been reported that Powerslave Portalmanager is prone to an information disclosure issue that may allow remote attackers to gain access to sensitive information about the underlying database structure. The problem is reported to exist in the sql_id parameter. An attacker may insert malformed SQL queries in sql_id, resulting in the software generating an error message and disclosing sensitive database information. Although unconfirmed attackers may also be able to execute arbitrary SQL commands under certain circumstances.

Successful exploitation of this vulnerability may allow an attacker to disclose sensitive information about the database that may be used to launch further attacks against a vulnerable system.

Powerslave version 4.3 is reported to be prone to this vulnerability, however other versions may be affected as well.

http://www.example.com/powerslave,id,10;,nodeid,,_language,uk.html
|
|- ; or modified querys
and table-numbers.

Error: Could't find article!
SELECT example_table.* FROM example_table WHERE example_table.ID=10;

相关推荐: D-Forum Remote File Include Vulnerability

D-Forum Remote File Include Vulnerability 漏洞ID 1100835 漏洞类型 Input Validation Error 发布时间 2003-02-18 更新时间 2003-02-18 CVE编号 N/A CNNVD…

正文完
 0