OSClass 2.3.3 – ‘index.php?sCategory’ SQL Injection

Exploit Database
101 阅读

作者： High-Tech Bridge SA

日期： 2012-01-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36625/

source: https://www.securityfocus.com/bid/51662/info

OSClass is prone to SQL-injection and cross-site scripting vulnerabilities.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

OSClass 2.3.3 is vulnerable; other versions may also be affected.

http://www.example.com/index.php?page=search&sCategory[]=0%27%20OR%20%28SELECT%20MID%28version%28%29,1,1% 29%29=5%29%20d%20--%202

last Exploits
OSClass 2.3.3 – ‘index.php?sCategory’ SQL Injection的更多信息

Voovi Social Networking Script 1.0 – ‘user’ SQL Injection：
Advanced Electron Forum 1.0.9 – Cross-Site Request Forgery：
Joomla! Component OS Property 3.0.8 – SQL Injection：
Healwire Online Pharmacy 3.0 – Cross-Site Scripting / Cross-Site Request Forgery：
ntop-ng 2.5.160805 – Username Enumeration：
CentOS Control Web Panel 0.9.8.836 – Privilege Escalation：
GeoVision (GeoHttpServer) Webcams – Remote File Disclosure：
Savsoft Quiz 5 – ‘field_title’ Stored Cross-Site Scripting：