TualBLOG 1.0的icerik.asp中存在多个SQL注入漏洞,远程攻击者可以执行任意SQL命令,如通过icerikno参数所示。
来源: XF
名称: tualblog-icerik-sql-injection(28919)
链接:http://xforce.iss.net/xforce/xfdb/28919
来源: BID
名称: 20002
链接:http://www.securityfocus.com/bid/20002
来源: BUGTRAQ
名称: 20060913 TualBLOG v 1.0 multiple sql injection
链接:http://www.securityfocus.com/archive/1/archive/1/445918/100/0/threaded
来源: MILW0RM
名称: 2362
链接:http://www.milw0rm.com/exploits/2362
来源: VUPEN
名称: ADV-2006-3609
链接:http://www.frsirt.com/english/advisories/2006/3609
来源: SECUNIA
名称: 21918
链接:http://secunia.com/advisories/21918
来源: SREASON
名称: 1588
链接:http://securityreason.com/securityalert/1588
来源: MILW0RM
名称: 2362
链接:http://milw0rm.com/exploits/2362
暂无
