Plexum X5 plexum.php Multiple Variable SQL Injection

2006-04-19T05:47:39
ID OSVDB:24729
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2006-04-19T05:47:39

Description

Manual Testing Notes

/plexum.php?section=webstats&page=hits&startpos=15&maxrec=457&pagesize=[SQL]

/plexum.php?section=webstats&page=hits&startpos=450&maxrec=[SQL]

/plexum.php?section=webstats&page=hits&startpos=[SQL]

References:

Vendor URL: http://www.plexum.com/network/ Secunia Advisory ID:19720 Other Advisory URL: http://pridels.blogspot.com/2006/04/plexum-x5-sql-vuln.html FrSIRT Advisory: ADV-2006-1423 CVE-2006-1947 Bugtraq ID: 17617