Hosting Controller ‘resellerresources.asp’脚本 SQL注入漏洞-安全小百科

Hosting Controller ‘resellerresources.asp’脚本 SQL注入漏洞

漏洞ID	1108816	漏洞类型	SQL注入
发布时间	2005-05-28	更新时间	2005-10-20
CVE编号	CVE-2005-1788	CNNVD-ID	CNNVD-200506-010
漏洞平台	ASP	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/25754
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-010

|漏洞详情

HostingController6.1Hotfix2.0中的resellerresources.asp脚本存在SQL注入漏洞，远程攻击者可借助jresourceid参数执行任意SQL指令。

|漏洞EXP

source: http://www.securityfocus.com/bid/13806/info
 
Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker gain unauthorized access to data and carry out SQL injection attacks.
 
These issues reportedly affect Hosting Controller 6.1 HotFix 2.0 and prior versions.

http://www.example.com/admin/hosting/plandetails.asp?hostcustid=[PlanID]

|参考资料

来源:SECTRACK
名称:1014071
链接:http://securitytracker.com/id?1014071
来源:SECUNIA
名称:15540
链接:http://secunia.com/advisories/15540

相关推荐: Sun Solaris 7.0 – rpc.ttdbserver Denial of Service

Sun Solaris 7.0 – rpc.ttdbserver Denial of Service 漏洞ID 1053432 漏洞类型发布时间 1999-11-19 更新时间 1999-11-19 CVE编号 N/A CNNVD-ID N/A 漏洞平台 S…

文章版权归作者所有，未经允许请勿转载。

THE END