global.php3 of AttilaPHP SQL注入漏洞

global.php3 of AttilaPHP SQL注入漏洞

漏洞ID 1107457 漏洞类型 SQL注入
发布时间 2003-08-26 更新时间 2003-10-20
图片[1]-global.php3 of AttilaPHP SQL注入漏洞-安全小百科CVE编号 CVE-2003-0752
图片[2]-global.php3 of AttilaPHP SQL注入漏洞-安全小百科CNNVD-ID CNNVD-200310-059
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23064
https://www.securityfocus.com/bid/82731
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-059
|漏洞详情
global.php3ofAttilaPHP3.0版本和可能早期的版本存在SQL注入漏洞。远程攻击者可以通过modifiedcook_id参数绕过验证。
|漏洞EXP
source: http://www.securityfocus.com/bid/8502/info

An SQL injection vulnerability has been reported in Attila PHP that could allow an attacker to gain unauthorized privileged access to a target site. This could be accomplished by requesting a URI including parameters designed to influence the results of specific user verification checks. Privileged access to a site implementing Attila PHP could allow an attacker to gain sensitive information or launch other attacks. 

Set the URI parameter "cook_id" to the value "0 OR visiteur=1" in a request to
http://www.example.org/index.php3
|受影响的产品
Attila-Php.Net Attilaphp 3.0
|参考资料

来源:VULNWATCH
名称:20030826[PHP]AttilaPHP3.0:User/AdminAccess
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0090.html

相关推荐: 思科缓存引擎替换缓存内容漏洞

思科缓存引擎替换缓存内容漏洞 漏洞ID 1206800 漏洞类型 未知 发布时间 1999-12-16 更新时间 1999-12-16 CVE编号 CVE-1999-0998 CNNVD-ID CNNVD-199912-058 漏洞平台 N/A CVSS评分 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享