Exploit Cacti 0.8.7 - 'graph_xport.php?local_graph_id' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
31160
Проверка EDB
  1. Пройдено
Автор
ASCII
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-0785
Дата публикации
2008-02-12
Код:
source: https://www.securityfocus.com/bid/27749/info
    
Cacti is prone to multiple unspecified input-validation vulnerabilities, including:
    
- Multiple cross-site scripting vulnerabilities
- Multiple SQL-injection vulnerabilities
- An HTTP response-splitting vulnerability.
    
Attackers may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, or to execute arbitrary script code in the browser of an unsuspecting user.
    
These issues affect Cacti 0.8.7a and prior versions. 

curl "http://www.example.com/cacti/graph_xport.php?local_graph_id=1" -d \
"local_graph_id=1'" -H "Cookie: Cacti=<cookie value>"
 
Источник
www.exploit-db.com

Похожие темы