MyBB SQL Injection Vulnerability


Vulnerability ID: 1108990
Vulnerability type: SQL injection
Published: 2005-08-12
Updated: 2005-10-20
CVE ID: CVE-2005-2580
CNNVD-ID: CNNVD-200508-149
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/26149
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-149
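|Vulnerability details
MyBB is a popular web-based forum application. MyBB has an SQL injection vulnerability in its handling of user requests; a remote attacker can exploit it to obtain sensitive information, damage the database, or take control of the MyBB forum. Multiple MyBB scripts do not adequately check and filter several user-supplied parameters, so a remote attacker can use this vulnerability to perform unauthorized operations on the database.
|Exploit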
source: http://www.securityfocus.com/bid/14553/info
  
MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
  
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
  
Reports indicate an attacker can exploit at least one of these vulnerabilities to gain administrative access to the affected application. 

http://www.example.com/polls.php?action=newpoll&tid=1&polloptions='[SQL INJECTION]
|References

Source: BID
Name: 14553
Link: http://www.securityfocus.com/bid/14553
Source: BUGTRAQ
Name: 20050812MyBulletinBoardRC4Vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=112387501519835&w=2
