
Re: [FD] [CVE-2014-3719] ALEPH500 (Integrated library management system) SQL Injection



Greetings:

Oh, I feel very shy; the injection parameters are "lib, docnum":

[0] place: GET, parameter: docnum, type: Single quoted string (default)
[1] place: GET, parameter: lib, type: Single quoted string

Replace the "lib, docnum" parameter value with "' AND 6012=6012 AND 'SM'='SM".

Could you update the information? Thank you.

Shady.liu
DBAppSecurity Co.Ltd.
-------------------------------------------------------------------------
Email: Shady.liu@xxxxxxxxxxxxxxxxxxxx
----------------------------------------------------------
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
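
A defender's view of the report above, added here as an example and not part of the original post or of ALEPH500: a log check that flags requests whose `lib` or `docnum` GET values carry a quote-terminated boolean comparison like the string quoted in the message. The request path, the log lines and the combined-log format are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the report names as injectable (GET, single-quoted string context).
WATCHED = {"lib", "docnum"}

# A quote that closes the string, then AND/OR and a comparison of two literals
# (numbers or quoted strings), the shape of the value quoted in the report.
LITERAL = r"(?:\d+|'[^']*'?)"
TAUTOLOGY = re.compile(r"'\s*(?:and|or)\s+" + LITERAL + r"\s*=\s*" + LITERAL, re.I)

# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; /PLACEHOLDER stands in for the real endpoint,
# which the report does not give.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] '
    '"GET /PLACEHOLDER?lib=ABC01&docnum=000123 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2014:10:00:05 +0000] '
    '"GET /PLACEHOLDER?lib=ABC01&docnum=000123%27%20AND%206012%3D6012'
    '%20AND%20%27SM%27%3D%27SM HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2014:10:00:06 +0000] '
    '"GET /PLACEHOLDER?lib=ABC01%27+AND+6012%3D6012+AND+%27SM%27%3D%27SM'
    '&docnum=000123 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2014:10:00:09 +0000] '
    '"GET /PLACEHOLDER?lib=ABC01&docnum=O%27Brien+and+sons HTTP/1.1" 404 90',
]

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched parameters that look injected."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes and turns '+' into a space before matching.
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if name.lower() in WATCHED and TAUTOLOGY.search(value)]

def scan(lines):
    """Return [(line_number, param, value)] for every flagged parameter."""
    return [(n, p, v) for n, line in enumerate(lines, 1)
            for p, v in suspicious_params(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit is a triage signal only; the fix for the reported issue remains binding `lib` and `docnum` as query parameters instead of concatenating them into the SQL string.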