Tutorials Manager 1.0 – Multiple SQL Injections

Vulnerability ID 1054471 Vulnerability type
Published 2004-05-10 Updated 2004-05-10
CVE ID N/A
CNNVD-ID N/A
Platform PHP CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/24104
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/10314/info

Reportedly Tutorials Manager is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.

These SQL injection issues might allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

http://www.example.com/guides/index.php?lang=0&CODE=02&id=1[SQL]
http://www.example.com/guides/index.php?lang=0&CODE=01&id=1[SQL]
http://www.example.com/guides/index.php?lang=0&CODE=14&id=1[SQL]
http://www.example.com/guides/admin.php?s=[SOMETHING]&act=own
http://www.example.com/sites/guides/admin.php?s=[SOMETHING]&act=admin&CODE=01

Passing the input ' OR 1=1 /* through the 'username' field of the 'admin.php' script is reported to grant unauthorized administrator access to the affected application.
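The fix for this class of issue, as an added example that is not Tutorials Manager's own code: the login lookup and the 'id' lookup are rewritten with bound parameters and strict integer validation, then exercised with the inputs reported above. The table names, columns, function names and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema and data: the advisory does not show the application's tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT, pass_hash TEXT)');
$db->exec('CREATE TABLE guides (id INTEGER PRIMARY KEY, title TEXT)');
$db->prepare('INSERT INTO admins (username, pass_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO guides (id, title) VALUES (1, 'Sample guide')");

// Hypothetical hardened login check. The username is bound as data, so quotes
// and comment markers inside it can never become part of the WHERE clause.
// The password is compared in PHP, not inside the SQL statement.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Hypothetical hardened guide lookup. 'id' must consist of digits only and is
// bound as an integer, so trailing SQL appended to the parameter is rejected.
function fetch_guide(PDO $db, string $rawId): ?array
{
    if (!ctype_digit($rawId) || strlen($rawId) > 9) {
        return null; // not a plain, bounded, non-negative integer
    }
    $stmt = $db->prepare('SELECT id, title FROM guides WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Regression checks using the inputs named in the advisory.
var_dump(check_login($db, "' OR 1=1 /*", 'anything')); // reported username payload
var_dump(check_login($db, 'admin', 'correct horse'));  // legitimate login
var_dump(fetch_guide($db, '1'));                        // well-formed id
var_dump(fetch_guide($db, '1 OR 1=1'));                 // id with appended SQL
```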
