⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 phpnews prior 1.2.4 sendtofriend.php sql injection.plugin

📁 全面网络扫描器VB源代码 很实用
💻 PLUGIN
字号:
🔍 
<plugin_id>319</plugin_id>
<plugin_name>PHPNews prior 1.2.4 sendtofriend.php SQL injection</plugin_name>
<plugin_family>CGI</plugin_family>
<plugin_version>1.0</plugin_version>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_exploit>open|send GET /phpnews/sendtofriend.php?mid='1' HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *mysql_fetch_assoc():*</plugin_procedure_exploit>
<plugin_exploit_accuracy>98</plugin_exploit_accuracy>
<plugin_comment>The NASL script is Copyright (C) 2004 Tenable Network Security.</plugin_comment>
<bug_published_name>AccessX </bug_published_name>
<bug_affected>PHPNews prior 1.2.4</bug_affected>
<bug_not_affected>PHPNews newer than 1.2.4</bug_not_affected>
<bug_vulnerability_class>SQL Injection</bug_vulnerability_class>
<bug_description>The remote host is using PHPNews, an open source news application. It utilizes database to store the content. A vulnerability exists in the remote version of this software which may allow an attacker to inject arbitrary SQL code and possibly execute arbitrary code, due to improper validation of user supplied input in the 'mid' parameter of script 'sendtofriend.php'.</bug_description>
<bug_solution>Upgrade to the version 1.2.4 of this software.</bug_solution>
<bug_fixing_time>Approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/11748/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>6</bug_popularity>
<bug_simplicity>8</bug_simplicity>
<bug_impact>8</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>High</bug_nessus_risk>
<bug_check_tool>Nessus can check this flaw with the plugin 15861 (PHPNews sendtofriend.php SQL injection).</bug_check_tool>
<source_securityfocus_bid>11748</source_securityfocus_bid>
<source_nessus_id>15861</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -