13 matches found
EUVD-2010-4792
Malware in sbrugna...
WoDig community software: insufficient filtering in the Members.asp page leads to a SQL injection vulnerability
In the file Members.asp: SearchType=HTMLEncode(Request("SearchType")) //line 38 SearchText=HTMLEncode(Request("SearchText")) SearchRole=HTMLEncode(Request("SearchRole")) CurrentAccountStatus=HTMLEncode(Request("CurrentAccountStatus")) JoinedDateComparer=Left(Request("JoinedDateComparer"),1...
BBSxp: insufficient filtering in the HTMLEncode filter function leads to a bypass vulnerability
BBSXP is a simple multi-style forum written in ASP with SQL Server and Access back ends; the latest version is currently BBSXP2008. In the latest official filter function, HTMLEncode, the character , is filtered this time as well, and the filter is bypassed once again for injection: Function HTMLEncode(fString) fString=Replace(fString,CHR(9),"") fString=Replace(fString,CHR(13),"") fString=Replace(fString,CHR(22),"") fString=Replace(fString,CHR(38),"&amp;") '“&” fString=Replace(fString,CHR(32),"&nbsp;") '“ ”...
MiniNuke 2.1 (members.asp uid) Remote SQL Injection Vulnerability
No description provided by source. MiniNuke v2.1 forum SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAIL : [email protected] DORK 1 : allinurl:"members.asp?action" DORK 2 : allinurl: "members.asp"uid EXAMPLE= members.asp?action=memberdetails&uid=SQL explo...
MiniNuke 'members.asp' SQL injection vulnerability
BUGTRAQ ID: 28000 CNCAN ID: CNCAN-2008022803 MiniNuke is an ASP-based web application. MiniNuke does not properly filter user-submitted URI data; a remote attacker can exploit this to perform SQL injection and obtain sensitive information or manipulate the database. The problem is that the 'members.asp' script does not adequately filter the user-submitted 'uid' parameter: submitting a malicious SQL query as the parameter value changes the logic of the original SQL statement and allows sensitive information to be read or the database to be manipulated. Affected: MiniNuke CMS 2.1. No detailed fix is available at present: http://www.miniex.net/...
MiniNuke 2.1 (members.asp uid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================= MiniNuke 2.1 members.asp uid Remote SQL Injection Vulnerability ================================================================= MiniNuke v2.1 forum SQL Injection DORK 1 :...
BBSXP forum software: insufficient filtering in the Members.asp page leads to a SQL injection vulnerability
Vulnerable file: Members.asp Code analysis: CurrentAccountStatus=HTMLEncode(Request("CurrentAccountStatus")) //line 11 ...... if CurrentAccountStatus<>"" then item=item&" and UserAccountStatus="&CurrentAccountStatus&"" //line 22 ...... TotalCount=Execute("Select count(UserID) From "&TablePrefix&"Users"&item)(0) //line 54...
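The BBSXP Members.asp code above and the HTMLEncode excerpt in the BBSxp entry earlier in this list describe the same flaw: CurrentAccountStatus is run through an HTML-encoding filter and then concatenated, unquoted, into a numeric comparison in the WHERE clause (line 22) that is executed at line 54. Because no quote is needed to break out of a numeric context, any payload that avoids the handful of characters the filter touches reaches the database intact. The Python script below is an added example, not code from BBSXP, WoDig, MiniNuke or any advisory on this page: it reproduces only the five Replace() calls visible in the HTMLEncode excerpt, builds the count query the way lines 22 and 54 do, runs it against a constructed in-memory SQLite table standing in for the Access/SQL Server back end, and contrasts it with a hardened version that validates the parameter as an integer and binds it. The table layout, the sample rows and the " Where 1=1" seed of the item string are assumptions (the page truncates that part); the same numeric-context pattern is what the MiniNuke uid entries on this page describe.

```python
import sqlite3


def bbsxp_htmlencode(value: str) -> str:
    """Replicates only the five Replace() calls visible in the BBSXP HTMLEncode
    excerpt on this page; the real function continues past the truncation."""
    for code, replacement in ((9, ""), (13, ""), (22, ""), (38, "&amp;"), (32, "&nbsp;")):
        value = value.replace(chr(code), replacement)
    return value


def build_count_query(table_prefix: str, current_account_status: str) -> str:
    """Mirrors lines 22 and 54 of Members.asp: the status is appended to the
    WHERE clause without quotes because UserAccountStatus is numeric.
    The ' Where 1=1' seed is an assumption; the page truncates that part."""
    item = " Where 1=1"
    if current_account_status != "":
        item += " and UserAccountStatus=" + current_account_status
    return "Select count(UserID) From " + table_prefix + "Users" + item


def make_db() -> sqlite3.Connection:
    """Constructed sample data; SQLite stands in for Access / SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "Create Table BBSXP_Users (UserID Integer Primary Key, "
        "UserName Text, UserAccountStatus Integer)"
    )
    conn.executemany(
        "Insert Into BBSXP_Users Values (?, ?, ?)",
        [(1, "admin", 1), (2, "alice", 1), (3, "bob", 0), (4, "eve", 2)],
    )
    return conn


def run_vulnerable(conn: sqlite3.Connection, status_param: str):
    """HTMLEncode, then concatenate, exactly as the advisory describes.
    Returns the row count, or None when the resulting SQL does not parse."""
    sql = build_count_query("BBSXP_", bbsxp_htmlencode(status_param))
    try:
        return conn.execute(sql).fetchone()[0]
    except (sqlite3.Error, sqlite3.Warning):
        return None


def is_valid_status(status_param: str) -> bool:
    """Numeric context: the only acceptable shapes are empty or an integer."""
    return status_param == "" or status_param.isdigit()


def run_hardened(conn: sqlite3.Connection, status_param: str) -> int:
    """Whitelist the shape, then bind the value; HTML encoding is irrelevant to SQL."""
    if not is_valid_status(status_param):
        raise ValueError("CurrentAccountStatus must be an integer")
    sql = "Select count(UserID) From BBSXP_Users Where 1=1"
    params = []
    if status_param != "":
        sql += " and UserAccountStatus=?"
        params.append(int(status_param))
    return conn.execute(sql, params).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(run_vulnerable(db, "1"))               # legitimate value: 2 users with status 1
    print(run_vulnerable(db, "1 or 1=1"))        # spaces become &nbsp; -> SQL fails -> None
    print(run_vulnerable(db, "1/**/or/**/1=1"))  # comments replace spaces -> all 4 users
    print(run_hardened(db, "1"))
    try:
        run_hardened(db, "1/**/or/**/1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

The space-to-&nbsp; replacement is the only thing standing between the attacker and a classic `1 or 1=1`, and `/**/` removes that obstacle on SQL Server (and on SQLite here); the filter never looks at `/`, `*` or `=`. The fix is not a longer blacklist but refusing anything that is not an integer and binding it as a parameter.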
Unfixed XSS vulnerability at www.muratenez.com
Security researcher CiCoSz has submitted on 27/08/2007 a cross-site scripting (XSS) vulnerability affecting www.muratenez.com, which at the time of submission ranked 3135429 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/08/2007. It is...
Unfixed XSS vulnerability at www.silgilikalem.com
Security researcher CiCoSz has submitted on 27/08/2007 a cross-site scripting (XSS) vulnerability affecting www.silgilikalem.com, which at the time of submission ranked 2850985 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/08/2007. It is...
Unfixed XSS vulnerability at www.managerzonetr.com
Security researcher CiCoSz has submitted on 27/08/2007 a cross-site scripting (XSS) vulnerability affecting www.managerzonetr.com, which at the time of submission ranked 2955093 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/08/2007. It is...
SQL injection
Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, (2) the catid parameter in (b) articles.asp and (c) programs.asp, and (3) the id parameter in (d) hpages.asp and (e) forum.asp...
Snitz Forums 2000 3.x - members.asp SQL Injection
Snitz Forums 2000 3.x - members.asp SQL Injection source: https://www.securityfocus.com/bid/4558/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000...
Snitz Forums 2000 3.x - 'members.asp' SQL Injection
source: https://www.securityfocus.com/bid/4558/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 and MySQL. It is possible for a remote attacker t...