Octeth Oempro 3.6.4 – SQL Injection / Information Disclosure

Exploit Database
33 阅读

作者： Ignacio Garrido

日期： 2011-02-03
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35311/

source: https://www.securityfocus.com/bid/46135/info

Octeth Oempro is prone to multiple SQL-injection vulnerabilities and an information-disclosure vulnerability.

Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Octeth Oempro 3.6.4 is vulnerable; other versions may also be affected. 

http://www.example.com/cli_bounce.php

http://www.example.com/link.php?URL=[ENC URL]&Name=&EncryptedMemberID=[ENCODED
SQLI]&CampaignID=9&CampaignStatisticsID=16&Demo=0&Email=[MAIL]

http://www.example.com/html_version.php?ECID=[SQL]

http://www.example.com/archive.php?ArchiveID=[SQL]

last Exploits
Octeth Oempro 3.6.4 – SQL Injection / Information Disclosure的更多信息

Alstrasoft AskMe Pro 2.1 – ‘que_id’ SQL Injection：
OpenCart 1.5.5.1 – ‘FileManager.php’ Directory Traversal Arbitrary File Access：
vBulletin 5.0.0 Beta 11 < 5.0.0 Beta 28 - SQL Injection：
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) – ‘PrototypeMap::createEmptyStructure’ Universal Cross-Site Scripting：
Gate Pass Management System 2.1 – ‘login’ SQL Injection：
gausCMS – Multiple Vulnerabilities：
LimeSurvey 4.1.11 – ‘Survey Groups’ Persistent Cross-Site Scripting：
Mega File Manager – File Download：