Dir2web – ‘/system/src/dispatcher.php?oid’ SQL Injection

Exploit Database
147 阅读

作者： Daniel Correa

日期： 2012-08-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37581/

source: https://www.securityfocus.com/bid/54845/info

Dir2web is prone to multiple security vulnerabilities, including an SQL-Injection vulnerability and an information-disclosure vulnerability.

Successfully exploiting these issues allows remote attackers to compromise the software, retrieve information, modify data, disclose sensitive information, or gain unauthorized access; other attacks are also possible.

Dir2web versions 3.0 is vulnerable; other versions may also be affected.

http://www.example.com/index.php?wpid=homepage&oid=6a303a0aaa' OR id > 0-- -

last Exploits
Dir2web – ‘/system/src/dispatcher.php?oid’ SQL Injection的更多信息

Alcatel-Lucent OmniSwitch – Cross-Site Request Forgery：
PHP Volunteer Management System 1.0.2 – Arbitrary File Upload (Metasploit)：
ASUS-DSL N10 1.1.2.2_17 – Authentication Bypass：
Binatone DT 850W Wireless Router – Multiple Cross-Site Request Forgery Vulnerabilities：
YourMembers Plugin – Blind SQL Injection：
Joomla! Component com_sgicatalog 1.0 – ‘id’ SQL Injection：
TOPSEC Firewalls – ‘ELIGIBLEBOMBSHELL’ Remote Code Execution：
CI User Login and Management 1.0 – Arbitrary File Upload：