CVE-2004-2551
CVSS 7.5
Published: 2004-12-31 00:00:00
Last revised: 2008-09-05 16:44:27

[Original] Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database.


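[CNNVD] Layton Technology HelpBox Multiple SQL Injection Vulnerabilities (CNNVD-200412-787)

        Multiple SQL injection vulnerabilities exist in Layton HelpBox 3.0.1. Remote attackers can execute arbitrary SQL commands via the following parameters: (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp. The vulnerability may allow creation of a new HelpBox user account and reading, modifying, or deleting data in the backend database.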

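- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]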

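- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found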

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2551
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2551
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-787
(Official data source) CNNVD

- Other Links and Resources

http://www.osvdb.org/8179
(PATCH)  OSVDB  8179
http://www.osvdb.org/8178
(PATCH)  OSVDB  8178
http://www.osvdb.org/8177
(PATCH)  OSVDB  8177
http://www.osvdb.org/8176
(PATCH)  OSVDB  8176
http://www.osvdb.org/8175
(PATCH)  OSVDB  8175
http://www.osvdb.org/8174
(PATCH)  OSVDB  8174
http://www.osvdb.org/8173
(PATCH)  OSVDB  8173
http://www.osvdb.org/8172
(PATCH)  OSVDB  8172
http://www.osvdb.org/8171
(PATCH)  OSVDB  8171
http://www.osvdb.org/8170
(PATCH)  OSVDB  8170
http://secunia.com/advisories/12118
(VENDOR_ADVISORY)  SECUNIA  12118
http://xforce.iss.net/xforce/xfdb/16774
(UNKNOWN)  XF  helpbox-url-gain-access(16774)
http://xforce.iss.net/xforce/xfdb/16772
(UNKNOWN)  XF  helpbox-multiple-sql-injection(16772)
http://www.securityfocus.com/bid/10776
(UNKNOWN)  BID  10776
http://www.securiteam.com/windowsntfocus/5VP0S0ADFW.html
(UNKNOWN)  MISC  http://www.securiteam.com/windowsntfocus/5VP0S0ADFW.html

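- Vulnerability Information

Layton Technology HelpBox Multiple SQL Injection Vulnerabilities
High risk SQL injection
2004-12-31 00:00:00 2006-01-24 00:00:00
Remote
        Multiple SQL injection vulnerabilities exist in Layton HelpBox 3.0.1. Remote attackers can execute arbitrary SQL commands via the following parameters: (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp. The vulnerability may allow creation of a new HelpBox user account and reading, modifying, or deleting data in the backend database.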

- Advisories and Patches

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability Information (24303)

Layton Technology HelpBox 3.0.1 Multiple SQL Injection Vulnerabilities (EDBID:24303)
php webapps
2004-07-21 Verified
0 Noam Rathaus
N/A
source: http://www.securityfocus.com/bid/10776/info

It is reported that HelpBox is susceptible to multiple SQL injection vulnerabilities. This issue is due to improper sanitization of user-supplied data. 

These problems present themselves when malicious SQL statements are passed to certain scripts.

Some scripts require administrative privileges to HelpBox. One script reportedly allows exporting any table in the SQL server.

These issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

HelpBox version 3.0.1 is reported vulnerable to these issues.

http://www.example.com/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1'		

- Vulnerability Information

8170
HelpBox editcommentenduser.asp sys_comment_id Parameter SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- Vulnerability Description

HelpBox contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'sys_comment_id' variable in the 'editcommentenduser.asp' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

- Timeline

2004-07-21 2004-04-15
Unknown Unknown

- Solution

Upgrade to version 3.4.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

Layton Technology HelpBox Multiple SQL Injection Vulnerabilities
Input Validation Error 10776
Yes No
2004-07-21 12:00:00 2004-07-21 12:00:00
Noam Rathaus <expert@securiteam.com> disclosed this vulnerability.

- Affected Software Versions

Layton Technology HelpBox 3.0.1

- Vulnerability Discussion

It is reported that HelpBox is susceptible to multiple SQL injection vulnerabilities. This issue is due to improper sanitization of user-supplied data.

These problems present themselves when malicious SQL statements are passed to certain scripts.

Some scripts require administrative privileges to HelpBox. One script reportedly allows exporting any table in the SQL server.

These issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

HelpBox version 3.0.1 is reported vulnerable to these issues.

- Exploit

No exploit is required. A proof-of-concept URI was provided:

http://www.example.com/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1'
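
For triage on a host still running the affected version, the ten script/parameter pairs from the CVE description can be checked against web server logs. The following is an added example, not code from the advisory or the vendor; the IIS W3C log layout, the sample lines and the allowed-value rules (integers for `*_id`, plain names for the other three parameters) are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Script -> parameter pairs listed in the CVE-2004-2551 description.
WATCHED = {
    "editcommentenduser.asp": "sys_comment_id",
    "editsuspensionuser.asp": "sys_suspend_id",
    "export_data.asp": "table",
    "manageanalgrouppreference.asp": "sys_analgroup",
    "quickinfoassetrequests.asp": "sys_asset_id",
    "quickinfoenduserrequests.asp": "sys_eusername",
    "requestauditlog.asp": "sys_request_id",
    "requestcommentsenduser.asp": "sys_request_id",
    "selectrequestapplytemplate.asp": "sys_request_id",
    "selectrequestlink.asp": "sys_request_id",
}
# Assumed value rules (not from the advisory): *_id is an integer, the rest plain names.
NUMERIC = re.compile(r"\d+")
NAME = re.compile(r"[A-Za-z0-9_.@ -]+")

# Constructed sample in IIS W3C extended format (documentation-range addresses).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-07-21 10:00:01 192.0.2.10 GET /laytonhelpdesk/editcommentenduser.asp sys_comment_id=12 200
2004-07-21 10:00:05 192.0.2.77 GET /laytonhelpdesk/editcommentenduser.asp sys_comment_id=1' 500
2004-07-21 10:00:09 192.0.2.77 GET /laytonhelpdesk/requestauditlog.asp sys_request_id=7%27 500
2004-07-21 10:00:12 192.0.2.10 GET /laytonhelpdesk/quickinfoenduserrequests.asp sys_eusername=jsmith 200
2004-07-21 10:00:15 192.0.2.10 GET /laytonhelpdesk/default.asp - 200
"""

def scan(lines):
    """Return (client, script, parameter, decoded value) for suspicious requests."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared in each log file
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        script = row.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None or row.get("cs-uri-query", "-") == "-":
            continue
        rule = NUMERIC if param.endswith("_id") else NAME
        for name, value in parse_qsl(row["cs-uri-query"], keep_blank_values=True):
            if name.lower() == param and not rule.fullmatch(value):
                hits.append((row.get("c-ip"), script, param, value))
    return hits
```

Values are percent-decoded before matching, so an encoded quote is flagged the same way as a literal one.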

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related References

 

 
