CustomCMS CCMS Gaming 'print.php' SQL注入漏洞

BUGTRAQ ID: 30787 CNCAN ID：CNCAN-2008082203 CustomCMS CCMS Gaming是一款基于PHP的WEB应用程序。 CustomCMS CCMS Gaming不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息或操作数据库。 问题是'print.php'脚本对用户提交的'id'参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 CustomCms CCMS Gaming 4.0 目前没有解决方案提供： http://customcms.net/index.php...

ccms40-sql.txt

Author: !DoktOR! Date found: 21.08.08 Product: CCMS Gaming Portal Version: 4.0 The price: $55 URL: customcms.net Vulnerability Class: SQL injection print.php Vuln code: $q = mysqlquery"SELECT from ccmsnewscomments WHERE wid='$id'"; magicquotesgpc = Off http://localhost/installdir/ Exploit:...

CustomCMS 4.0 - print.php SQL Injection

CustomCMS 4.0 - print.php SQL Injection Author: !DoktOR! Date found: 21.08.08 Product: CCMS Gaming Portal Version: 4.0 The price: $55 URL: customcms.net Vulnerability Class: SQL injection print.php Vuln code: $q = mysqlquery"SELECT from ccmsnewscomments WHERE wid='$id'"; magicquotesgpc = Off...

CustomCMS 4.0 (CCMS) print.php Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================= CustomCMS 4.0 CCMS print.php Remote SQL Injection Vulnerability =================================================================...

CustomCMS 4.0 - 'print.php' SQL Injection

Author: !DoktOR! Date found: 21.08.08 Product: CCMS Gaming Portal Version: 4.0 The price: $55 URL: customcms.net Vulnerability Class: SQL injection print.php Vuln code: $q = mysqlquery"SELECT from ccmsnewscomments WHERE wid='$id'"; magicquotesgpc = Off http://localhost/installdir/ Exploit:...