FreeHost 'misc.php' Multiple SQL Injection Vulnerabilities

Vulnerability ID: 1194207
Vulnerability type: SQL injection
Published: 2006-07-11
Updated: 2006-07-11
CVE ID: CVE-2006-3516
CNNVD-ID: CNNVD-200607-146
Platform: N/A
CVSS score: 7.5
|Vulnerability source
https://www.securityfocus.com/bid/83761
https://cxsecurity.com/issue/WLB-2006070059
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-146
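|Vulnerability details
FreeHost contains multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via (1) the readme parameter to FreeHost/misc.php or (2) the index parameter to FreeHost/news.php.
|Exploit (EXP)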
================================

Discovered By: CrAzY CrAcKeR

================================

Example:-

/FreeHost/misc.php?readme=[SQL]

/FreeHost/news.php?index=[SQL]

Search:-

Powered By FreeHost

================================

Email:CrAzY.CrAcKeR (at) hotmail (dot) com
|Affected products
Freehost Freehost 0
|References

Source: BUGTRAQ
Name: 20060630 FreeHost "misc.php & news.php" SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/438813/100/100/threaded
Source: SREASON
Name: 1208
Link: http://securityreason.com/securityalert/1208