BrowserCRM 5.100.1 – ‘contact_id’ SQL Injection

Exploit Database
13 阅读

作者： High-Tech Bridge SA

日期： 2011-12-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36449/

source: https://www.securityfocus.com/bid/51060/info
 
Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Browser CRM 5.100.01 is vulnerable; prior versions may also be affected. 

http://www.example.com/modules/Documents/index.php?id=1&contact_id=1%27%20OR%20%271%27=%271

last Exploits
BrowserCRM 5.100.1 – ‘contact_id’ SQL Injection的更多信息

Backdrop CMS 1.27.1 – Authenticated Remote Command Execution (RCE)：
Library Management System 3.0 – “Add Category” Stored XSS：
eLouai’s Force Download Script – Arbitrary Local File Download：
Gelsheet 1.02 – ‘index.php’ Cross-Site Scripting：
Ronny CMS 1.1 r935 – Multiple HTML Injection Vulnerabilities：
Yahei PHP Prober 0.4.7 – Cross-Site Scripting：
Hrsale 2.0.0 – Local File Inclusion：
Freelancers Marketplace Script – Persistent Cross-Site Scripting：