bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/37926.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

40 lines
No EOL
1.4 KiB
Text
Raw Blame History

+-------------------------------------+
+ Netsweeper 2.6.29.8 - SQL Injection +
+-------------------------------------+
Affected Product: Netsweeper
Vendor Homepage : www.netsweeper.com
Version : 2.6.29.8 (and probably other versions)
Discovered by : Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
Patched : Yes
CVE : CVE-2014-9613
+---------------------+
+ Product Description +
+---------------------+
Netsweeper is a software solution specialized in content filtering.
+----------------------+
+ Exploitation Details +
+----------------------+
Two specific parameters in two pages of Netsweeper Content Filtering solution v2.6.29.8 (and probable earlier versions) are vulnerable to SQL injection.
Condition: The exploitation can be performed by any non-authenticated user with access to the vulnerable pages (usually from everyone).
Vulnerability Type: SQL Injection [SQLi-I]
Vulnerable Page I: http://netsweeper/webadmin/auth/verification.php
Vulnerable POST Parameter: login
Vulnerability Type: SQL Injection [SQLi-II]
Vulnerable Page II: http://netsweeper/webadmin/deny/index.php
Vulnerable POST Parameter: dpid
+----------+
+ Solution +
+----------+
Upgrade to latest version.
+---------------------+
+ Disclosure Timeline +
+---------------------+
12-Jan-2011: Netsweeper fixed issue on 2.6.29.10
17-Jan-2015: CVE assigned CVE-2014-9613
11-Aug-2015: Public disclosure
Reference in a new issue View git blame Copy permalink