Exponent CMS 2.0 – ‘src’ SQL Injection

Exploit Database
108 阅读

作者： Rob Miller

日期： 2012-03-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36916/

source: https://www.securityfocus.com/bid/52328/info

Exponent CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exponent CMS 2.0.4 is vulnerable; prior versions may also be affected.

http://www.example.com//exponent/cron/send_reminders.php?src=src%3d11"%3b}'%20or%201%3d1%20AND%20SLEEP(5)%20%3b%20--%20"

last Exploits
Exponent CMS 2.0 – ‘src’ SQL Injection的更多信息

Rix4Web Portal – Blind SQL Injection：
WordPress Plugin Content Timeline – SQL Injection：
Password Manager Pro / Pro MSP – Blind SQL Injection：
Spaw Editor 1.0/2.0 – Arbitrary File Upload：
Flatpress 0.909.1 – Persistent Cross-Site Scripting：
PESCMS TEAM 2.3.2 – Multiple Reflected XSS：
Joomla! Component com_maianmedia – SQL Injection：
Craft CMS 2.6 – Cross-Site Scripting：