152 matches found
Sql injection
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...
CVE-2010-4897
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...
CVE-2010-4897
CVE-2010-4897 is a SQL injection vulnerability affecting BlueCMS 1.6, specifically in comment.php. An attacker could send crafted requests via the X-Forwarded-For HTTP header in a send action to execute arbitrary SQL commands. This is supported by multiple sources (NVD, Red Hat, CVE records). The...
BlueCMS getip()injection vulnerability-vulnerability warning-the black bar safety net
, Description,BlueCMS is a place to classified information portal dedicated CMS system. Procedures in using the getipfunction to get the Client ip when not strictly filter the data, resulting in sql injection vulnerability. Second, the analysis //comment.php $sql = "INSERT INTO ". table'comment'....
BlueCMS v1. 6 sp1 $_SERVER injection vulnerability-vulnerability warning-the black bar safety net
Affected version: v1. 6 sp1 Vulnerability description: BlueCMS is a place to classified information portal dedicated CMS system. Procedures in using the getipfunction to get the Client ip when not strictly filter the data, resulting in sql injection vulnerability. //comment.php $sql = "INSERT INT...
BlueCMS v1. 6 sp1 ad_js.php SQL injection vulnerability-vulnerability warning-the black bar safety net
Affected version: BlueCMS v1. 6 sp1 Vulnerability description: The defect file: adjs.php Vulnerability causes: the 1 2: $adid = ! empty$GET'adid' ? trim$GET'adid' : "; //root directory of the other files are doing a very good filter, the logarithm of the font variables almost always use intvalto ...
BlueCMS 1.6 - x-forwarded-for Header SQL Injection
BlueCMS 1.6 - x-forwarded-for Header SQL Injection source: https://www.securityfocus.com/bid/42999/info BlueCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
BlueCMS 1.6 - 'x-forwarded-for' Header SQL Injection
source: https://www.securityfocus.com/bid/42999/info BlueCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...
BlueCMS v1.6 sp1 $_SERVER注射漏洞
BlueCMS是一个地方分类信息门户专用CMS系统。 程序在使用getip函数获取客户端ip时没有严格过滤数据,导致sql注射漏洞。 //comment.php $sql = "INSERT INTO ".table'comment'." comid, postid, userid, type, mood, content, pubdate, ip, ischeckVALUES '', '$id', '$userid', '$type', '$mood', '$content', '$timestamp', '".getip."', '$ischeck'"; // 注意getip...
BlueCMS v1.6 sp1 ad_js.php SQL注入漏洞
缺陷文件:adjs.php 漏洞成因: 12: $adid = !empty$GET'adid' ? trim$GET'adid' : ''; //根目录下其他文件都做了很好的过滤,对数字型变量几乎都用了intval做限制,唯独漏了这个文件,居然只是用了trim去除头尾空格。。 19: $ad = $db-getone"SELECT FROM ".table'ad'." WHERE adid =".$adid; //直接代入查询 BlueCMS v1.6 sp1 SEBUG临时解决办法: $adid = !empty$GET'adid' ? intval$GET'adid' : '';...
bluecms v1.0 图片上传绕过漏洞
BlueCMS地方分类信息门户专用CMS系统 include/upload.class.php发现,只是检测了文件头,没有检测后缀. ...... class upload private $allowimagetype = array'image/jpg', 'image/gif', 'image/png', 'image/pjpeg'; ...... function imgupload$file, $dir = '', $imgname = '' ifempty$dir $dir = BLUEROOT.DATA.UPLOAD.date"Ym"."/"; else $dir =...
bluecms 0day-vulnerability warning-the black bar safety net
Author: st0p Reprint please indicate the source: http://www.st0p.org Alas, the group where a friend made a CMS, that user information modification section there may be injected, that together with the analysis, the local after installation found, can not use the magicquotesgpc = off in the case,...