BigDump 0.29b and 0.32b – Multiple Vulnerabilities

  • 作者: Ur0b0r0x
    日期: 2012-11-28
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/38076/
  • source: https://www.securityfocus.com/bid/56744/info
    
    BigDump is prone to a cross-site scripting vulnerability, an SQL-injection vulnerability, and an arbitrary-file-upload vulnerability because it fails to sanitize user-supplied data.
    
    Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, upload arbitrary files, access or modify data, or exploit latent vulnerabilities in the underlying database.
    
    BigDump 0.29b and 0.32b are vulnerable; other versions may also be affected. 
    
    http://www.example.com/bigdump.php?start= [SQL]
    
    http://www.example.com/bigdump.php?start= [XSS]
    
    http://www.example.com/bigdump.php [File Upload]