Multiple SQL Injection Vulnerabilities in VBZooM

Vulnerability ID: 1194099
Vulnerability type: SQL injection
Published: 2006-07-11
Updated: 2007-07-03
CVE ID: CVE-2006-3691
CNNVD-ID: CNNVD-200607-295
Platform: N/A
CVSS score: 7.5
|Vulnerability source
https://www.securityfocus.com/bid/18937
https://cxsecurity.com/issue/WLB-2006070081
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-295
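|Vulnerability details
VBZooM 1.11 and earlier versions contain multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php, or (4) sub-join.php.
|Exploit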
===========================================

Discovered By: C.B.B.L

CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuX_rOOt

===========================================

Search:-

POWERED BY: VBZooM V1.11

Example:-

ignore-pm.php?UserID=[SQL Injection]

===========================================
|Affected products
VBZoom VBZoom 1.11
|References

Source: BID
Name: 18937
Link: http://www.securityfocus.com/bid/18937
Source: BUGTRAQ
Name: 20060711 VBZooM <= V1.11 "ignore-pm.php" SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/440145/100/0/threaded
Source: BUGTRAQ
Name: 20060711 VBZooM <= V1.11 "reply.php" SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/440141/100/0/threaded
Source: BUGTRAQ
Name: 20060711 VBZooM "sendmail.php" SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/440133/100/0/threaded
Source: BUGTRAQ
Name: 20060711 VBZooM <= V1.11 "sub-join.php" SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/440114/100/0/threaded
Source: XF
Name: vbzoom-userid-sql-injection (42254)
Link: http://xforce.iss.net/xforce/xfdb/42254
Source: BUGTRAQ
Name: 20080507 VBZooM <= V1.11 "reply.php" SQL Injection Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/491770/100/0/threaded
Source: OSVDB
Name: 28254
Link: http://www.osvdb.org/28254
Source: SREASON
Name: 1244
Link: http://securityreason.com/securityalert/1244