Dolibarr ERP/CRM 3.1.0 – ‘/user/info.php?id’ SQL Injection

Exploit Database
19 阅读

作者： High-Tech Bridge SA

日期： 2011-11-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36332/

source: https://www.securityfocus.com/bid/50777/info

Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Dolibarr 3.1.0 RC is vulnerable; prior versions may also be affected. 

http://www.example.com/user/info.php?id=1 INTO OUTFILE &#039;../../../tmp/example&#039;

last Exploits
Dolibarr ERP/CRM 3.1.0 – ‘/user/info.php?id’ SQL Injection的更多信息

BK Mobile jQuery CMS 2.4 – Multiple Vulnerabilities：
Ocomon 2.0 – SQL Injection：
iTech Book Store Script 2.02 – SQL Injection：
D-Link IP Cameras – Multiple Vulnerabilities：
Bioly 1.3 – ‘/index.php’ Cross-Site Scripting / SQL Injection：
Sphider Search Engine – Multiple Vulnerabilities：
Acunetix Web Vulnerability Scanner – DLL Loading Arbitrary Code Execution：
GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated)：