DUware Software Multiple Remote Vulnerabilities


Vulnerability ID: 1108217
Vulnerability type: Unknown
Published: 2004-10-11
Updated: 2005-10-20
CVE ID: CVE-2004-2198
CNNVD-ID: CNNVD-200412-1093
Platform: ASP
CVSS score: 6.4
|Vulnerability source
https://www.exploit-db.com/exploits/24672
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1093
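|Vulnerability details
account.asp in DUware DUclassmate versions 1.0 through 1.1 is vulnerable. A remote attacker can change any user's password by modifying the MM_recordId parameter on the "MyAccount" page.
|Exploit (EXP)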
source: http://www.securityfocus.com/bid/11363/info
 
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.
 
DUclassmate may allow unauthorized remote attackers to gain access to a computer.
 
DUclassified is reported prone to multiple SQL injection vulnerabilities.
 
SQL injection issues also affect DUforum.
 
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.
 

<input type="hidden" name="MM_recordId" value="[Your ID Number]">
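
The password-change flaw described above is a missing ownership check: the update trusts the record ID carried in the hidden `MM_recordId` form field. The following Python model is an added example, not DUclassmate's code and not part of the original advisory; it uses a constructed in-memory user table, and every name other than `MM_recordId` is hypothetical.

```python
import hashlib
import hmac
import os

# Added illustration of the handler logic; not the vendor's account.asp.
# All function names and the sample user table are hypothetical/constructed.

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_users():
    """Constructed sample records keyed by record ID."""
    users = {}
    for rid, (name, pw) in {1: ("alice", "alice-old"), 2: ("bob", "bob-old")}.items():
        salt = os.urandom(16)
        users[rid] = {"name": name, "salt": salt, "hash": hash_pw(pw, salt)}
    return users

def check_password(users, rid, password):
    u = users[rid]
    return hmac.compare_digest(u["hash"], hash_pw(password, u["salt"]))

def update_password_vulnerable(users, session_user_id, form):
    # Flaw: the target record comes from the client-supplied MM_recordId
    # field and is never compared with the logged-in user.
    rid = int(form["MM_recordId"])
    users[rid]["hash"] = hash_pw(form["new_password"], users[rid]["salt"])
    return rid

def update_password_hardened(users, session_user_id, form):
    # Fix: the target record is the server-side session identity. A
    # mismatching MM_recordId is rejected (a useful event to log), and
    # the current password is required before the change is applied.
    rid = session_user_id
    supplied = form.get("MM_recordId")
    if supplied is not None and str(supplied) != str(rid):
        raise PermissionError("MM_recordId does not match session user")
    if not check_password(users, rid, form.get("current_password", "")):
        raise PermissionError("current password incorrect")
    users[rid]["hash"] = hash_pw(form["new_password"], users[rid]["salt"])
    return rid
```
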
|References

Source: XF
Name: duclassmate-password-modification(17682)
Link: http://xforce.iss.net/xforce/xfdb/17682
Source: SECTRACK
Name: 1011597
Link: http://www.securitytracker.com/alerts/2004/Oct/1011597.html
Source: BID
Name: 11363
Link: http://www.securityfocus.com/bid/11363
Source: OSVDB
Name: 10663
Link: http://www.osvdb.org/10663
