Amelia CMS – SQL Injection

• Exploit Database
• 117 阅读

• 作者： Ariko-Security
  日期： 2010-02-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11504/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

  # Title: [SQL injection vulnerability in Amelia CMS] # Date: [10.02.2010] # Author: [Ariko-Security] # Software Link: [http://www.ameliadesign.eu/] # Version: [ALL] # Tested on: [freebsd / ubuntu]     ============ { Ariko-Security - Advisory #2/2/2010 } =============   SQL injection vulnerability in Amelia CMS     Vendor's Description of Software: # http://www.ameliadesign.eu/index.php?page=1322&lang=eng&cnt=services   Dork: # N/A   Application Info: # Name: Amelia CMS # Versions: ALL   Vulnerability Info: # Type: SQL injection Vulnerability # Risk: High   Fix: # N/A   Time Table # 10/02/2009 - Vendor notified.     Input passed via the "page" parameter to index.php is not properly   sanitised before being used in a SQL query and it is possible to get   sensitive information using for example Time-Base Blind SQL Injection   attacks.     Solution: # Input validation of "page" parameter should be corrected.     Vulnerability: # http://www.[site]/index.php?page=1322[SQLi]&lang=eng&cnt=services   Credit: # Discoverd By: MG # Website: http://Ariko-security.com # Contacts: support[-at-]ariko-security.com