Null News多个SQL注入漏洞漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195561 漏洞类型 其他
发布时间 2006-04-10 更新时间 2019-11-28
CVE编号 CVE-2006-1534 CNNVD-ID CNNVD-200603-516
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2006040018
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-516
|漏洞详情
Null News是一款基于PHP的新闻管理程序。 Null News中存在安全漏洞。攻击者可利用该漏洞执行任意的SQL命令。
|漏洞EXP
New eVuln Advisory:
Null news SQL Injection Vulnerability
http://evuln.com/vulns/109/summary.html

--------------------Summary----------------
eVuln ID: EV0109
CVE: CVE-2006-1534
Software: Null news
Sowtware's Web Site: http://nullbranded.tk/
Versions: 2005.07.27
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable scripts:
lostpass.php
sub.php
unsub.php

Variables $user_email(lostpass.php), $user_email(sub.php,unsub.php), $user_username(sub.php,unsub.php) are not properly sanitized before being used in SQL queries. This can be used to evaluate arbitrary SQL expression.

Condition: magic_quotes_gpc = off

--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/109/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.
|参考资料

来源:VUPEN
名称:ADV-2006-1151
链接:http://www.frsirt.com/english/advisories/2006/1151
来源:SECUNIA
名称:19413
链接:http://secunia.com/advisories/19413
来源:MISC
链接:http://evuln.com/vulns/109/summary.html
来源:XF
名称:nullnews-multiple-sql-injection(25502)
链接:http://xforce.iss.net/xforce/xfdb/25502
来源:BID
名称:17300
链接:http://www.securityfocus.com/bid/17300
来源:BUGTRAQ
名称:20060408[eVuln]NullnewsSQLInjectionVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/430298/100/0/threaded
来源:OSVDB
名称:24242
链接:http://www.osvdb.org/24242
来源:OSVDB
名称:24241
链接:http://www.osvdb.org/24241
来源:OSVDB
名称:24240
链接:http://www.osvdb.org/24240
来源:SREASON
名称:682
链接:http://securityreason.com/securityalert/682