8 matches found
EUVD-2007-6309
Malware in sbrugna...
apache::AuthCAS 0.4 SQL injection vulnerability
No description provided by source...
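Apache::AuthCAS Cookie remote SQL injection vulnerability
BUGTRAQ ID: 26762 CVECAN ID: CVE-2007-6342 Apache::AuthCAS is a configurable Apache authentication module. The Apache::AuthCAS module contains a SQL injection vulnerability that a remote attacker may exploit to perform unauthorized operations on the database. At line 516 of the CPAN version, the session ID is taken directly from the cookie: $cookie = /.$SESSIONCOOKIENAME=^;+\s;.|\s$/; $sid = $1 || ""; It is then passed at line 544, without any filtering, to the getsessiondata function, and at line 1005 getsessiondata injects $sid into the SQL: my $sth =...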
Sql injection
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
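Apache::AuthCAS Cookie SQL injection vulnerability
The Apache::AuthCAS authentication module lets users protect content on an Apache server. Apache::AuthCAS does not properly filter user-supplied cookie content, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks, obtaining sensitive information or manipulating the database. The problem is at line 516 of the CPAN version: http://search.cpan.org/dcastro/Apache-AuthCAS-0.4/lib/Apache/AuthCAS.pm, where the session ID is extracted from the cookie: $cookie = /.$SESSIONCOOKIENAME=^;+\s;.|\s$/; $sid = $1 || "";...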
Potential SQL injection vulnerability in Apache::AuthCAS
Some weeks ago, I sent the following message to David Castro, the author of Apache::AuthCAS. As there hasn't been any reply and the guys at ja-sig.org haven't been able or willing to look into it, perhaps there is somebody here who wants to have a closer look at this? CAS is the Central...