Basic Analysis And Security Engine base_qry_main.php SQL Injection Vulnerability

Vulnerability ID: 1109163
Vulnerability type: SQL injection
Published: 2005-10-25
Updated: 2005-10-25
CVE ID: CVE-2005-3325
CNNVD-ID: CNNVD-200510-235
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/26395
https://www.securityfocus.com/bid/15199
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-235
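|Vulnerability details
Analysis Console for Intrusion Databases (ACID) is a PHP-based intrusion detection database analysis console. Multiple SQL injection vulnerabilities exist in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, as well as in unspecified other console scripts in these products. A remote attacker can execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.
|Exploit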
source: http://www.securityfocus.com/bid/15199/info

Basic Analysis And Security Engine is prone to an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

http://www.example.com/base/base_qry_main.php?new=1&sig[0]=%3D&sig[1]=[SQL]&submit=Query+DB
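
For triage on a host that ran an affected console, the following added example (not part of the original advisory or of BASE/ACID) scans web access log lines for requests to the two named scripts whose sig[...] parameters carry SQL-looking content. The log format (Common/Combined Log Format), the sample lines and the pattern of "suspicious" characters are assumptions; legitimate signature searches may occasionally match, so treat hits as leads.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Console scripts named in the advisory.
SCRIPTS = ("base_qry_main.php", "acid_qry_main.php")
# Heuristic (assumption): characters and keywords not expected in a signature search value.
SUSPICIOUS = re.compile(r"['\";]|--|/\*|\b(union|select|insert|update|delete|drop)\b", re.I)
# Request field of a Common/Combined Log Format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SIG_KEY = re.compile(r"sig\[\d+\]")

def flag_sig_requests(log_lines):
    """Return (line_number, parameter, decoded_value) for sig[...] values that look like SQL."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(SCRIPTS):
            continue
        # parse_qsl percent-decodes keys and values, so sig%5B1%5D is seen as sig[1].
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if SIG_KEY.fullmatch(key) and SUSPICIOUS.search(value):
                hits.append((n, key, value))
    return hits

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Oct/2005:10:00:00 +0000] "GET /base/base_qry_main.php'
    '?new=1&sig[0]=%3D&sig[1]=ICMP+PING&submit=Query+DB HTTP/1.1" 200 5120',
    '192.0.2.77 - - [25/Oct/2005:10:00:05 +0000] "GET /base/base_qry_main.php'
    '?new=1&sig%5B0%5D=%3D&sig%5B1%5D=1%27--&submit=Query+DB HTTP/1.1" 200 9000',
    '192.0.2.10 - - [25/Oct/2005:10:00:09 +0000] "GET /base/base_main.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line_no, param, value in flag_sig_requests(SAMPLE_LOG):
        print(f"line {line_no}: {param} = {value!r}")
```
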
|Affected products
Debian Linux 3.1 sparc

Debian Linux 3.1 s/390

Debian Linux 3.1 ppc

Debian Linux 3.1 mipsel

Debian Linux 3.1 mips

Debian Linux 3.1 m68k

Debian Linux 3.1

|References

Source: BID
Name: 15199
Link: http://www.securityfocus.com/bid/15199
Source: DEBIAN
Name: DSA-893
Link: http://www.debian.org/security/2005/dsa-893
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336788
Source: OSVDB
Name: 20837
Link: http://www.osvdb.org/20837
Source: OSVDB
Name: 20836
Link: http://www.osvdb.org/20836
Source: VUPEN
Name: ADV-2005-2188
Link: http://www.frsirt.com/english/advisories/2005/2188
Source: SECUNIA
Name: 17558
Link: http://secunia.com/advisories/17558
Source: SECUNIA
Name: 17552
Link: http://secunia.com/advisories/17552
Source: SECUNIA
Name: 17523
Link: http://secunia.com/advisories/17523
Source: SECUNIA
Name: 17314
Link: http://secunia.com/advisories/17314
