Waylu CMS – ‘/products_xx.php’ SQL Injection / HTML Injection

Exploit Database
128 阅读

作者： TheCyberNuxbie

日期： 2012-04-20
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37100/

source: https://www.securityfocus.com/bid/53202/info

Waylu CMS is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.

HTML Injection

http://www.example.com/WebApps/products_xx.php?id=[XSS]

SQL Injection

http://www.example.com/WebApps/products_xx.php?id=[SQL Injection]

last Exploits
Waylu CMS – ‘/products_xx.php’ SQL Injection / HTML Injection的更多信息

Kentico CMS 9.0-12.0.49 – Persistent Cross Site Scripting：
MOJO’s IWms 7 – SQL Injection / Cross-Site Scripting：
Free Simple Software – SQL Injection：
GitLab 14.9 – Stored Cross-Site Scripting (XSS)：
Joomla! Component Twitch Tv 1.1 – SQL Injection：
Front Accounting 2.3RC2 – Multiple Persistent Cross-Site Scripting Vulnerabilities：
Web Viewer 1.0.0.193 (Samsung SRN-1670D) – Unrestricted File Upload：
WordPress Plugin FireStorm Professional Real Estate 2.06.01 – SQL Injection：