 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.20170 |
| Categoría: | Web application abuses |
| Título: | phpWebThings forum Parameter SQL Injection Vulnerabilities |
| Resumen: | The version of phpWebThings installed on the remote host does not; properly sanitize user input in the 'forum' and 'msg' parameters of 'forum.php' script before using; it in database queries. |
| Descripción: | Summary: The version of phpWebThings installed on the remote host does not properly sanitize user input in the 'forum' and 'msg' parameters of 'forum.php' script before using it in database queries. Vulnerability Impact: An attacker can exploit this vulnerability to display the usernames and passwords (md5 hash) from the website and then use this information to gain administrative access to the affected application. Solution: Apply the phpWebthings 1.4 forum patch referenced in the third URL above. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
BugTraq ID: 15276 BugTraq ID: 15465 Common Vulnerability Exposure (CVE) ID: CVE-2005-3585 BugTraq ID: 15277 http://www.securityfocus.com/bid/15277 Bugtraq: 20051105 XSS & SQL injection in phpWebThing (Google Search) http://marc.info/?l=bugtraq&m=113122187101383&w=2 Bugtraq: 20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/419280/100/0/threaded http://glide.stanford.edu/yichen/research/sec.pdf http://www.osvdb.org/20441 http://secunia.com/advisories/17410/ XForce ISS Database: phpwebthings-forum-sql-injection(22972) https://exchange.xforce.ibmcloud.com/vulnerabilities/22972 Common Vulnerability Exposure (CVE) ID: CVE-2005-4218 http://www.securityfocus.com/bid/15465 https://www.exploit-db.com/exploits/1324 http://rgod.altervista.org/phpwebth14_xpl.html |
| Copyright | Copyright (C) 2005 Ferdy Riphagen |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |