NConf delete_attr.php id Parameter SQL Injection

The version of the NConf installed on the remote host is affected by a SQL injection vulnerability because it fails to properly sanitize user-supplied input to the 'id' parameter of the 'deleteattr.php' script. An attacker may be able to leverage this to manipulate data in the back-end database o...

Nconf 1.3 - Multiple SQL Injections

Nconf 1.3 - Multiple SQL Injections Exploit Title: nconf handleitem.php，Modifyattr.php etc Multiple Sql injection Date: 2013/3/4 Exploit Author: Saadat Ullah，[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Vendors: http://www.nconf.org/ Author HomePage:...

Nconf 1.3 SQL Injection / Cross Site Scripting

Exploit Title: nconf handleitem.php，Modifyattr.php etc Multiple Sql injection Date: 2013/3/4 Exploit Author: Saadat Ullah，[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Vendors: http://www.nconf.org/ Author HomePage: http://security-geeks.blogspot.com/...

Nconf 1.3 - Multiple SQL Injections

Exploit Title: nconf handleitem.php，Modifyattr.php etc Multiple Sql injection Date: 2013/3/4 Exploit Author: Saadat Ullah，[email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Vendors: http://www.nconf.org/ Author HomePage: http://security-geeks.blogspot.com/...