CVE-2006-1930
CVSS 6.4
Published: 2006-04-20 14:06:00
Revised: 2008-11-03 01:18:01

[Original] ** DISPUTED ** Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on 20060525 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations.


[CNNVD](CNNVD-200604-381)

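        **DISPUTED** Multiple SQL injection vulnerabilities exist in userscript.php in Green Minute 1.0 and earlier. They allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. Note: the vendor disputes this issue, stating that "the parameters mentioned are checked (preg_match) before they are used in the SQL query. If someone decided to add SQL injection to a parameter, they would see an error text, because _nothing_ was passed inside that parameter (to the MySQL database)." With the vendor's permission, CVE investigated the report on May 25, 2006 and found that the demo site showed a non-sensitive SQL error when given standard SQL injection manipulations.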

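- CVSS (Base Score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]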

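- CPE (Affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links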

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1930
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1930
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-381
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/25942
(UNKNOWN)  XF  greenminute-userscript-sql-injection(25942)
http://www.osvdb.org/25207
(UNKNOWN)  OSVDB  25207
http://pridels0.blogspot.com/2006/04/green-minute-sql-inj-vuln.html
(UNKNOWN)  MISC  http://pridels0.blogspot.com/2006/04/green-minute-sql-inj-vuln.html
http://osvdb.org/ref/25/25207-dispute.txt
(UNKNOWN)  MISC  http://osvdb.org/ref/25/25207-dispute.txt
http://hoito.org/en/products/
(UNKNOWN)  MISC  http://hoito.org/en/products/

- Vulnerability information

Medium risk  SQL injection
2006-04-20 00:00:00 2006-06-01 00:00:00
Remote

- Advisories and patches

        

- Vulnerability information

25207
Green Minute userscript.php Multiple Parameter SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity Solution Unknown
Vendor Disputed, Third-party Disputed

- Vulnerability description

Green Minute has been reported to contain an SQL injection flaw in the userscript.php script. The original report indicates that multiple variables fail to sanitize input before passing it to the database for processing. After vendor contact and subsequent testing, it appears that user input is properly sanitized. It is believed that the SQL error message output on a failed query was mistaken for indication of injection ability.

- Timeline

2006-04-20 Unknown
Unknown Unknown

- Solution

The vulnerability reported is incorrect. No solution required.

- Related references

- Vulnerability author

 

 
