Layton Technology HelpBox多个SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108068 漏洞类型 SQL注入
发布时间 2004-07-21 更新时间 2004-07-21
CVE编号 CVE-2004-2551 CNNVD-ID CNNVD-200412-787
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/24303
https://www.securityfocus.com/bid/10776
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-787
|漏洞详情
LaytonHelpBox3.0.1版本存在多个SQL注入漏洞。远程攻击者可以借助以下参数执行任意SQL命令:(1)editcommentenduser.asp中的sys_comment_id参数,(2)editsuspensionuser.asp中的sys_suspend_id参数,(3)export_data.asp中的table参数,(4)manageanalgrouppreference.asp中的sys_analgroup参数,(5)quickinfoassetrequests.asp中的sys_asset_id参数,(6)quickinfoenduserrequests.asp中的sys_eusername参数,以及(7)requestauditlog.asp中的,(8)requestcommentsenduser.asp中的,(9)selectrequestapplytemplate.asp中的,和(10)selectrequestlink.asp中的sys_request_idparameter参数,该漏洞可能导致创建一个HelpBox的新用户账户,并且从后端数据库读取,修改或删除数据。
|漏洞EXP
source: http://www.securityfocus.com/bid/10776/info

It is reported that HelpBox is susceptible to multiple SQL injection vulnerabilities. This issue is due to improper sanitization of user-supplied data. 

These problems present themselves when malicious SQL statements are passed to certain scripts.

Some scripts require administrative privileges to HelpBox. One script reportedly allows exporting any table in the SQL server.

These issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

HelpBox version 3.0.1 is reported vulnerable to these issues.

http://www.example.com/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1'
|受影响的产品
Layton Technology HelpBox 3.0.1
|参考资料

来源:OSVDB
名称:8179
链接:http://www.osvdb.org/8179
来源:OSVDB
名称:8178
链接:http://www.osvdb.org/8178
来源:OSVDB
名称:8177
链接:http://www.osvdb.org/8177
来源:OSVDB
名称:8176
链接:http://www.osvdb.org/8176
来源:OSVDB
名称:8175
链接:http://www.osvdb.org/8175
来源:OSVDB
名称:8174
链接:http://www.osvdb.org/8174
来源:OSVDB
名称:8173
链接:http://www.osvdb.org/8173
来源:OSVDB
名称:8172
链接:http://www.osvdb.org/8172
来源:OSVDB
名称:8171
链接:http://www.osvdb.org/8171
来源:OSVDB
名称:8170
链接:http://www.osvdb.org/8170
来源:SECUNIA
名称:12118
链接:http://secunia.com/advisories/12118
来源:XF
名称:helpbox-url-gain-access(16774)
链接:http://xforce.iss.net/xforce/xfdb/16774
来源:XF
名称:helpbox-multiple-sql-injection(16772)
链接:http://xforce.iss.net/xforce/xfdb/16772
来源:BID
名称:10776
链接:http://www.securityfocus.com/bid/10776
来源:www.securiteam.com
链接:http://www.securiteam.com/windowsntfocus/5VP0S0ADFW.html