EUVD-2007-0914

Malware in sbrugna...

Metyus Forum Portal Philboard_Forum.ASP SQL注入漏洞

BUGTRAQ ID: 25096 CNCAN ID:CNCAN-2007080105 Metyus Forum Portal是一款基于ASP的WEB应用程序。 Metyus Forum Portal不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是'PhilboardForum.ASP'脚本对用户提交的'forumid'参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 Metyus Forum Portal 1.0 目前没有解决方案提供： http://aspindir.com/...

Philboard Forum Vulnerability

Philboard Vulnerability Severity : High Possible gain administrator/users access on Forum Board Systems Affected: Philboard up to v1.14 Vendor URL: http://www.youngpip.com/philboard.asp Vuln Type : Cookie Injection Status : Vendor contacted, fixed version is not available cause they didn't respon...