osCMax 2.5 – ‘/admin/stats_monthly_sales.php?status’ SQL Injection

Exploit Database
23 阅读

作者： High-Tech Bridge SA

日期： 2012-04-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37048/

source: https://www.securityfocus.com/bid/52886/info

osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

osCMax 2.5.0 is vulnerable; prior versions may also be affected. 

http://www.example.com/admin/stats_monthly_sales.php?status=0 union select '<? php_code ?>' INTO OUTFILE '../../../path/to/site/file.php'

last Exploits
osCMax 2.5 – ‘/admin/stats_monthly_sales.php?status’ SQL Injection的更多信息

Invision Power Board (IP.Board) 4.2.1 – ‘searchText’ Cross-Site Scripting：
Newbie CMS – File Disclosure：
Plex Media Server 0.9.9.2.374-aa23a69 – Multiple Vulnerabilities：
WordPress Plugin CP Multi View Event Calendar 1.1.7 – SQL Injection：
Joomla! Component com_some – ‘Controller’ Local File Inclusion：
Netgear DGN2200 / DGND3700 – Admin Password Disclosure：
WordPress Plugin FuneralPress 1.1.6 – Persistent Cross-Site Scripting：
Basic B2B Script 2.0.8 – ‘product_details.php?id’ SQL Injection：