KB Affiliate Referral Script 1.0 /index.php username/password SQL注入

KB Affiliate Referral Script 1.0中曾发现一漏洞,此漏洞被分类为致命。 此漏洞会影响未知部件文件 /index.php。 手动调试的软件参数:username/password使用输入:'or''='不合法输入可导致 SQL注入。 漏洞的CWE定义是 CWE-89。 此漏洞的脆弱性 2017-01-26由公示人Ihsan Sencan、公示人身份EDB-ID 41166、公示人类型为Exploit (Exploit-DB)所发布。 分享公告的网址是exploit-db.com。 该漏洞唯一标识为CVE-2017-20126, 攻击可以远程发起, 有技术细节可用。 此外还有一个漏洞可利用。 该漏洞利用已公开,可能会被利用。 当前漏洞利用价值为美元大约是 $0-$5k。 MITRE ATT&CK项目使用攻击技术T1505来解决该问题。 它被宣布为proof-of-concept。 该漏洞利用的共享下载地址为:exploit-db.com。 我们估计的零日攻击价值约为$0-$5k。 该漏洞被披露后,远在此前发表过可能的缓解措施。

字段2022-11-11 22時37分2022-11-11 22時46分2022-11-11 22時57分
nameKB Affiliate Referral ScriptKB Affiliate Referral ScriptKB Affiliate Referral Script
version1.01.01.0
file/index.php/index.php/index.php
argumentusername/passwordusername/passwordusername/password
input_value'or''=''or''=''or''='
risk222
cvss2_vuldb_basescore6.86.86.8
cvss2_vuldb_tempscore6.16.16.1
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore7.38.18.1
cvss3_meta_tempscore6.98.08.0
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore6.96.96.9
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
date1485388800 (2017-01-26)1485388800 (2017-01-26)1485388800 (2017-01-26)
locationExploit-DBExploit-DBExploit-DB
typeExploitExploitExploit
urlhttps://www.exploit-db.com/exploits/41166/https://www.exploit-db.com/exploits/41166/https://www.exploit-db.com/exploits/41166/
identifierEDB-ID 41166EDB-ID 41166EDB-ID 41166
person_nameIhsan SencanIhsan SencanIhsan Sencan
availability111
date1485388800 (2017-01-26)1485388800 (2017-01-26)1485388800 (2017-01-26)
publicity111
urlhttps://www.exploit-db.com/exploits/41166/https://www.exploit-db.com/exploits/41166/https://www.exploit-db.com/exploits/41166/
developer_nameIhsan SencanIhsan SencanIhsan Sencan
price_0day$0-$5k$0-$5k$0-$5k
exploitdb411664116641166
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcCCC
cvss3_vuldb_ePPP
cvss3_vuldb_rlXXX
cvss3_vuldb_rcCCC
typeAdvertising SoftwareAdvertising SoftwareAdvertising Software
exploitdb_date1485388800 (2017-01-26)1485388800 (2017-01-26)1485388800 (2017-01-26)
cwe89 (SQL注入)89 (SQL注入)89 (SQL注入)
cveCVE-2017-20126CVE-2017-20126CVE-2017-20126
responsibleVulDBVulDBVulDB
cve_assigned1656367200 (2022-06-28)1656367200 (2022-06-28)1656367200 (2022-06-28)
cve_nvd_summaryA vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prNN
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cLL
cvss3_cna_iLL
cvss3_cna_aLL
cve_cnaVulDBVulDB
cvss3_nvd_basescore9.89.8
cvss3_cna_basescore7.37.3

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!