BibORB Multiple Input Validation Vulnerabilities

Vulnerability ID: 1108465
Vulnerability type: Path traversal
Published: 2005-02-17
Updated: 2005-10-20
CVE ID: CVE-2005-0253
CNNVD-ID: CNNVD-200505-731
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/25120
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-731
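|Vulnerability details
A directory traversal vulnerability exists in index.php in BibORB 1.3.2 and possibly earlier versions. A remote attacker can delete arbitrary files via a Delete action combined with a .. (dot dot) sequence in the database_name parameter.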
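The missing check, as an added defensive example that is not BibORB's own code: a user-supplied database_name is mapped to a directory only if it is a single safe path component and its canonical path stays under a fixed base directory. The function name `resolve_database_dir`, the `bibs/` layout and the demo files are assumptions made for illustration.

```php
<?php
// Added illustration, not BibORB source. Assumption: each bibliography is a
// directory directly under a fixed base directory (hypothetical layout).

/**
 * Map a user-supplied database_name to a directory under $baseDir,
 * or return null if the name could escape it.
 */
function resolve_database_dir(string $baseDir, string $name): ?string
{
    // 1. Allow-list: one path component of safe characters only. This rejects
    //    "../config.php", "a/b", "..", the empty string and NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    // 2. Canonicalise both paths; realpath() resolves symlinks and returns
    //    false when the target does not exist.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false) {
        return null;
    }

    // 3. Containment: the resolved target must be a directory below the base.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_dir($target)) {
        return null;
    }
    return $target;
}

// Constructed demo: temp base dir with one database and a sibling config file.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'biborb_demo_' . getmypid();
mkdir($root . '/bibs/papers', 0700, true);
file_put_contents($root . '/config.php', "<?php // constructed placeholder\n");

foreach (['papers', '../config.php', '..', 'papers/../..', 'missing'] as $input) {
    $dir = resolve_database_dir($root . '/bibs', $input);
    printf("%-16s => %s\n", var_export($input, true), $dir ?? 'REJECTED');
}

// Remove the constructed demo files.
unlink($root . '/config.php');
rmdir($root . '/bibs/papers');
rmdir($root . '/bibs');
rmdir($root);
```

Only the first input resolves to a directory. A delete handler would act on the returned path and refuse the request when the function returns null.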
|Exploit (EXP)
source: http://www.securityfocus.com/bid/12583/info
  
  
BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks.
  
These vulnerabilities are reported to affect BibORB version 1.3.2 and all previous versions. 

http://www.example.com/to/biborb/index.php?mode=result&database_name=../config.php&action=Delete
|References

Source: BID
Name: 12583
Link: http://www.securityfocus.com/bid/12583
Source: FULLDISC
Name: 20050217 Advisory: Multiple Vulnerabilities in BibORB
Link: http://marc.theaimsgroup.com/?l=full-disclosure&m=110864983905770&w=2
Source: BUGTRAQ
Name: 20050217 Advisory: Multiple Vulnerabilities in BibORB
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110868948719773&w=2
