3 matches found
PostNuke pnVarPrepForStore()函数SQL注入漏洞
BUGTRAQ ID: 28407 PostNuke是一款开放源码、开放开发的内容管理系统(CMS)。 PostNuke的pnVarPrepForStore函数中存在SQL盲注漏洞,远程攻击者可能利用此漏洞非授权操作数据库。 以下是有漏洞部分的代码: 1. function pnVarPrepForStore 2. 3. $resarray = array; 4. foreach funcgetargs as $ourvar 5. if !getmagicquotesruntime && !isarray$ourvar 6. $ourvar = addslashes$ourvar; 7...
MDPro 1.0.76 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================= MDPro 1.0.76 Remote SQL Injection Exploit ========================================= !/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author =...
MD-Pro 1.0.76 - SQL Injection
!/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author = "undefined1"; my $settings = "magicquotesruntime = off, mysql = 4.1.0"; $| = 1; print ":: $app $type - by $author ::\n\n\n"; my $url = shift || usage; if$url = m/^?:http://./ $url = $1;...