CVE-2005-3817
CVSS7.5
发布时间 :2005-11-25 21:03:00
修订时间 :2011-09-06 00:00:00
NMCOES    

[原文]Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.


[CNNVD]Softbiz Web Host Directory Script多个SQL注入漏洞(CNNVD-200511-385)

        Softbiz Host Directory 是web主机服务对比网站PHP脚本。
        Softbiz Web Host Directory Script 1.1及更早版本中的多个SQL注入漏洞,可让远程攻击者通过以下方式执行任意SQL命令:(1) search_result.php中的cid参数,(2) review.php中的sbres_id参数,(3) browsecats.php中的cid参数,(4) email.php中的h_id参数以及(5)搜索模块的未指定参数。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-89 [SQL命令中使用的特殊元素转义处理不恰当(SQL注入)]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3817
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3817
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-385
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/23208
(UNKNOWN)  XF  softbiz-whds-multiple-sql-injection(23208)
http://www.vupen.com/english/advisories/2005/2557
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2557
http://www.securityfocus.com/bid/15561
(UNKNOWN)  BID  15561
http://www.osvdb.org/21083
(UNKNOWN)  OSVDB  21083
http://www.osvdb.org/21082
(UNKNOWN)  OSVDB  21082
http://www.osvdb.org/21081
(UNKNOWN)  OSVDB  21081
http://www.osvdb.org/21080
(UNKNOWN)  OSVDB  21080
http://www.osvdb.org/21079
(UNKNOWN)  OSVDB  21079
http://secunia.com/advisories/17724
(VENDOR_ADVISORY)  SECUNIA  17724
http://pridels0.blogspot.com/2005/11/web-host-directory-script-multiple.html
(UNKNOWN)  MISC  http://pridels0.blogspot.com/2005/11/web-host-directory-script-multiple.html

- 漏洞信息

Softbiz Web Host Directory Script多个SQL注入漏洞
高危 SQL注入
2005-11-25 00:00:00 2006-06-12 00:00:00
远程  
        Softbiz Host Directory 是web主机服务对比网站PHP脚本。
        Softbiz Web Host Directory Script 1.1及更早版本中的多个SQL注入漏洞,可让远程攻击者通过以下方式执行任意SQL命令:(1) search_result.php中的cid参数,(2) review.php中的sbres_id参数,(3) browsecats.php中的cid参数,(4) email.php中的h_id参数以及(5)搜索模块的未指定参数。

- 公告与补丁

        暂无数据

- 漏洞信息 (12439)

SoftBizScripts Hosting Script SQL Injection Vunerability (EDBID:12439)
php webapps
2010-04-28 Verified
0 41.w4r10r
N/A [点击下载]
# Exploit Title: SoftBizScripts Hosting Script SQL Injection Vunerability
# Date: 29-4-2010
# Author: 41.w4r10r
# Vendor Link : http://softbizscripts.com/
# Version: Web Application
# Tested on: Apcahe/Unix
# CVE : [if exists]
# Dork :  inurl:"browsecats.php?cid="
# Code :
---------------------------------------------------------------------------------------
############################################################################
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber
Warriors]
#Thanks:
SaiSatish,FB1H2S,Godwin_Austin,Micr0,Harin,Jappy,Dark_Blue,sid3^3f3c7
#Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d
#Catch us at www.andhrahackers.com or www.teamicw.in
############################################################################



Exploited Link :

http://[site]m/browsecats.php?cid=2'

example :

http://[site]/browsecats.php?cid=2+union+select+1,version(),3,4--



#41.w4r10r mailto:41.w4r10r@andhrahackers.com

		

- 漏洞信息

21079
Softbiz Web Host Directory search_result.php cid Parameter SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity

- 漏洞描述

Web Host Directory contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'search_result.php' script not properly sanitizing user-supplied input to the 'cid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

- 时间线

2005-11-23 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

Softbiz Web Host Directory Script Multiple SQL Injection Vulnerabilities
Input Validation Error 15561
Yes No
2005-11-24 12:00:00 2010-04-29 05:23:00
r0t is credited with the discovery of this vulnerability.

- 受影响的程序版本

SoftBiz Web Hosting Directory Script 1.1

- 漏洞讨论

Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Version 1.1 and earlier are affected; other versions may also be affected.

- 漏洞利用

No exploit is required.

Example URIs have been provided:

http://www.example.com/search_result.php?cid=[sql]
http://www.example.com/browsecats.php?cid=[sql]
http://www.example.com/review.php?sbres_id=[sql]
http://www.example.com/email.php?&h_id=[sql]
http://www.example.com/browsecats.php?cid=2+union+select+1,version(),3,4--

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站