Exploit Invision Power Top Site List 1.0/1.1 - 'id' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23868
Проверка EDB
  1. Пройдено
Автор
JEIAR
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2004-1836
Дата публикации
2004-03-22
Код:
source: https://www.securityfocus.com/bid/9945/info

It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The issue exists due to insufficient sanitizing of the 'id' URI parameter when using the 'comments' feature in 'index.php' script. 

Invision Power Top Site List versions 1.1 RC 2 and prior are reported prone to this issue.

index.php?act=comments&id=[Evil_Query]
 
Источник
www.exploit-db.com

Похожие темы