https://www.exploit-db.com/exploits/26395
https://www.securityfocus.com/bid/15199
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-235

InstrusionDatabasesAnalysisConsole是一款于php的入侵检测数据库分析控制台。(1)IntrusionDatabases(ACID)0.9.6b20的AnalysisConsole中的acid_qry_main.php和(2)BasicAnalysisandSecurityEngine(BASE)1.2中的base_qry_main.php，以及这些产品中未明的其他控制台脚本存在多个SQL注入漏洞。远程攻击者可以借助sig[1]参数以及可能的其他参数，执行任意SQL指令。

source: http://www.securityfocus.com/bid/15199/info

Basic Analysis And Security Engine is prone to an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

http://www.example.com/base/base_qry_main.php?new=1&sig[0]=%3D&sig[1]=[SQL]&submit=Query+DB

Debian Linux 3.1 sparc

Debian Linux 3.1 s/390

Debian Linux 3.1 ppc

Debian Linux 3.1 mipsel

Debian Linux 3.1 mips

Debian Linux 3.1 m68k

Debian Linux 3.1

来源:BID
名称:15199
链接:http://www.securityfocus.com/bid/15199
来源:DEBIAN
名称:DSA-893
链接:http://www.debian.org/security/2005/dsa-893
来源:bugs.debian.org
链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336788
来源:OSVDB
名称:20837
链接:http://www.osvdb.org/20837
来源:OSVDB
名称:20836
链接:http://www.osvdb.org/20836
来源:VUPEN
名称:ADV-2005-2188
链接:http://www.frsirt.com/english/advisories/2005/2188
来源:SECUNIA
名称:17558
链接:http://secunia.com/advisories/17558
来源:SECUNIA
名称:17552
链接:http://secunia.com/advisories/17552
来源:SECUNIA
名称:17523
链接:http://secunia.com/advisories/17523
来源:SECUNIA
名称:17314
链接:http://secunia.com/advisories/17314