IWebNegar多个SQL注入漏洞

IWebNegar多个SQL注入漏洞

漏洞ID 1108361 漏洞类型 SQL注入
发布时间 2004-12-15 更新时间 2005-10-20
图片[1]-IWebNegar多个SQL注入漏洞-安全小百科CVE编号 CVE-2004-1402
图片[2]-IWebNegar多个SQL注入漏洞-安全小百科CNNVD-ID CNNVD-200412-1089
漏洞平台 PHP CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/24842
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1089
|漏洞详情
IWebNegar存在SQL注入漏洞。远程攻击者可以借助(1)index.php的string参数,(2)comments.php,或者(3)管理员登陆页面执行任意SQL命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/11946/info

iWebNegar is reported prone to multiple SQL injection vulnerabilities, these issues exist due to a lack of sufficient boundary checks performed on user-supplied URI parameter data.

These issues could theoretically be exploited to compromise the software by performing unauthorized actions on the database, such as modifying or viewing data. SQL injection attacks may also be used to exploit latent vulnerabilities in the underlying database. This may depend on the nature of the query being manipulated as well as the capabilities of the database implementation.

http://www.example.com/weblog/index.php?string=[sql injection code]
|参考资料

来源:XF
名称:iwebnegar-sql-injection(18505)
链接:http://xforce.iss.net/xforce/xfdb/18505
来源:BID
名称:11946
链接:http://www.securityfocus.com/bid/11946
来源:BUGTRAQ
名称:20041215iwebnegarisvulnerabletoallkindofsqlinjections
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110314454810163&w;=2

相关推荐: Jason Maloney’s Guestbook Remote Command Execution Vulnerability

Jason Maloney’s Guestbook Remote Command Execution Vulnerability 漏洞ID 1099193 漏洞类型 Input Validation Error 发布时间 2003-12-01 更新时间 200…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享