SQL injection vulnerability in the US VPS management system SolusVM 1.13.03 (with exp)

2013-06-21T00:00:00
ID MYHACK58:62201339333
Type myhack58
Reporter x-Ai
Modified 2013-06-21T00:00:00

Description

SolusVM is a powerful VPS management system with a graphical user interface that can simultaneously manage three kinds of virtualization technology: OpenVZ, Xen paravirtualization and Xen HVM. Customers who have opened a US VPS through this software will feel that it is very safe and convenient.

Pity, my data is all gone. I was wondering why my VPS would not open these two days... it turns out the hole came out on the 16th. My service provider was formatted, and the announcement said it could not be recovered.

Address of the blogger who disclosed the vulnerability: text address

The original post follows:

SolusVM 1.13.03 Vulnerabilities

2013/06/16

/centralbackup.php:

<?php
if ($_POST['delete']) {
    // $_POST['deleteid'] is concatenated into the query unescaped (SQL injection)
    $xc = $db->query('SELECT * FROM centralbackup WHERE id = \'' . $_POST['deleteid'] . '\'', true);

    [...]

    if ($xc[status] == 'failed') {
        // values from the fetched row are passed to the shell unquoted
        exec('php /usr/local/solusvm/system/bus.php -- --comm=deletebackup --serverid=' . $xc['bserver'] . ' --nodeid=' . $vdata['nodeid'] . ' --vserverid=' . $vdata['vserverid'] . ' --filename=' . $xc['filename']);

        [...]

    }
}
?>
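
A hardened form of the handler above, as an added example that is not SolusVM's code or part of the original post: the `deleteid` value is validated and bound as a query parameter, and every value handed to `bus.php` is shell-quoted. The function name, the PDO handle (standing in for the `$db` wrapper, whose API the page does not show) and the SQLite sample rows are assumptions; the command is built and printed, not executed.

```php
<?php
// Added example, not SolusVM code. Hypothetical: buildDeleteBackupCommand(),
// the PDO handle (stand-in for the page's $db wrapper) and the sample rows.

function buildDeleteBackupCommand(PDO $pdo, array $vdata, $deleteId): ?string
{
    // 1. The id is numeric by design: reject anything that is not all digits.
    if (!is_string($deleteId) || !ctype_digit($deleteId)) {
        return null;
    }

    // 2. Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM centralbackup WHERE id = ?');
    $stmt->execute([(int) $deleteId]);
    $xc = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($xc === false || $xc['status'] !== 'failed') {
        return null;
    }

    // 3. Database content is untrusted too: quote every argument for the shell.
    $args = [
        '--comm=deletebackup',
        '--serverid=' . $xc['bserver'],
        '--nodeid=' . $vdata['nodeid'],
        '--vserverid=' . $vdata['vserverid'],
        '--filename=' . $xc['filename'],
    ];
    return 'php /usr/local/solusvm/system/bus.php -- '
        . implode(' ', array_map('escapeshellarg', $args));
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE centralbackup (id INTEGER, status TEXT, bserver TEXT, filename TEXT)');
$pdo->exec("INSERT INTO centralbackup VALUES (1, 'failed', '3', 'vm 101;x.tar.gz')");
$vdata = ['nodeid' => '2', 'vserverid' => '101'];

// A non-numeric id is refused before any query runs.
var_dump(buildDeleteBackupCommand($pdo, $vdata, '1x'));
// A valid id yields a command line in which each argument is one quoted word.
echo buildDeleteBackupCommand($pdo, $vdata, '1'), "\n";
```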
