RadScripts RadBids Gold多个漏洞

RadScripts RadBids Gold多个漏洞

漏洞ID 1108638 漏洞类型 SQL注入
发布时间 2005-04-09 更新时间 2005-10-20
图片[1]-RadScripts RadBids Gold多个漏洞-安全小百科CVE编号 CVE-2005-1074
图片[2]-RadScripts RadBids Gold多个漏洞-安全小百科CNNVD-ID CNNVD-200505-182
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/25370
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-182
|漏洞详情
RadScriptsRadBidsGold2的index.php中存在SQL注入漏洞,远程攻击者可以通过mode参数执行任意SQL指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/13080/info
 
RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection.
 
The following specific vulnerabilities were identified:
 
A remote attacker can disclose arbitrary files. Information gathered through this issue may allow the attacker to carry out other attacks against an affected computer.
 
The application is affected by a SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
 
Multiple cross-site scripting issues have been identified as well. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
 
RadBids Gold v2 is reported vulnerable to these issues. Other versions may be affected as well. 

http://www.example.com/auciton_software/index.php?a=listings&mode='SQL_INJECTION&order=name&cat=
SELECT id, area, radbids_listings.moderated, name, type, featured, hot, urgent, detailview, viewcount, COUNT(radbids_bids.pid) AS bids, AVG(radbids_bids.price) AS
average, MAX(radbids_bids.dateposted) AS lastbid, radbids_listings.dateposted, UNIX_TIMESTAMP(radbids_listings.dateposted) AS pdate,
UNIX_TIMESTAMP(dateexpire)-UNIX_TIMESTAMP(NOW()) AS timeleft, radbids_rate.avgrate, min_bid, bid_inc, buynow, dateawarded, listing_type FROM radbids_listings LEFT JOIN
radbids_bids ON radbids_listings.id=radbids_bids.pid LEFT JOIN radbids_rate ON radbids_listings.id=radbids_rate.pid WHERE GROUP BY id ORDER BY name, dateposted DESC
LIMIT 0,25
|参考资料

来源:XF
名称:radbids-gold-index-sql-injection(20040)
链接:http://xforce.iss.net/xforce/xfdb/20040
来源:BID
名称:13080
链接:http://www.securityfocus.com/bid/13080
来源:BUGTRAQ
名称:20050409Directorytransversal,sqlinjectionandxssvulnerabilitiesinRadBidsGoldv2
链接:http://www.securityfocus.com/archive/1/395527
来源:OSVDB
名称:15429
链接:http://www.osvdb.org/15429
来源:SECUNIA
名称:14906
链接:http://secunia.com/advisories/14906

相关推荐: PHP4 Readfile Denial Of Service Vulnerability

PHP4 Readfile Denial Of Service Vulnerability 漏洞ID 1097039 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 2005-02-25 更新时间 2005…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享