Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl ) - ошибки и эксплоиты

[RU] switch to English

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:		13 января 2007 г.
Источник:
SecurityVulns ID:		7050
Тип:		удаленная
Уровень опасности:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты:		WORDPRESS : WordPress 2.0
		AIOCP : All In One Control Panel 1.3
		MINTHABER : MiNT Haber Sistemi v2.7
		IMPLIEDBYDESIGN : Micro CMS 3.5
		NAIG : Naig 0.5
CVE:		CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.)
		CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
		CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.)
		CVE-2007-0260 ( DISPUTED PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use.)
		CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.)
		CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.)

Оригинальный текст		coloss7_(at)_gmail.com, Naig <= 0.5.2 (this_path) Remote File Include Vulnerability (13.01.2007)
		coloss7_(at)_gmail.com, AIOCP Login Bypass Vulnerability (13.01.2007)
		coloss7_(at)_gmail.com, AIOCP SQL Injection Vulnerability (13.01.2007)
		process_(at)_cnbct.org, Wordpress disclosure of Table Prefix Weakness (13.01.2007)
		chernobiLe, MiNT Haber Sistemi v2.7 (tr) == SQL Injection Vulnerability (13.01.2007)

Файлы:

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород