5 matches found
XOOPS 'badliege' Module - 'id' Parameter SQL Injection Vulnerability
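XOOPS 'badliege' Module - 'id' Parameter SQL Injection Vulnerability 1. Vulnerability information: The XOOPS 'badliege' module is a PHP-based web application. The XOOPS 'badliege' module does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The issue is caused by the script's insufficient filtering of the user-submitted 'id' parameter: submitting a malicious SQL query as the parameter data can alter the original SQL logic, yielding sensitive information or allowing the database to be manipulated. 2. Test method...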
xoopsbadliege-sql.txt
XOOPS Module badliege SQL Injection AUTHOR : S@BUN HOME 1 : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORK 1 : allinurl :"modules/badliege/index.php?op=show" DORK 2 : allinurl: EXPLOIT :...
XOOPS Module badliege SQL Injection
XOOPS Module badliege SQL Injection AUTHOR : S@BUN HOME 1 : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORK 1 : allinurl :"modules/badliege/index.php?op=show" DORK 2 : allinurl: EXPLOIT :...
XOOPS badliege Module - id SQL Injection
XOOPS badliege Module - id SQL Injection source: https://www.securityfocus.com/bid/27892/info The XOOPS 'badliege' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
XOOPS 'badliege' Module - 'id' SQL Injection
source: https://www.securityfocus.com/bid/27892/info The XOOPS 'badliege' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...