Details of VAR-E-201107-0314

ID

VAR-E-201107-0314

CVE

cve_id:

CVE-2011-2403

Trust: 1.9

sources: BID: 48924 // EXPLOIT-DB: 36000 // EDBNET: 57374

EDB ID

36000

TITLE

HP Network Automation 9.10 - SQL Injection - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36000

DESCRIPTION

HP Network Automation 9.10 - SQL Injection. CVE-2011-2403CVE-74134 . webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 36000

AFFECTED PRODUCTS

vendor:	hp	model:	network automation	scope:	eq	version:	9.10	Trust: 1.3
vendor:	hp	model:	network automation	scope:	eq	version:	9.0	Trust: 0.3
vendor:	hp	model:	network automation	scope:	eq	version:	7.6	Trust: 0.3
vendor:	hp	model:	network automation	scope:	eq	version:	7.5	Trust: 0.3
vendor:	hp	model:	network automation	scope:	eq	version:	7.2	Trust: 0.3
vendor:	hp	model:	network automation	scope:	eq	version:	0	Trust: 0.3

sources: BID: 48924 // EXPLOIT-DB: 36000

EXPLOIT

source: https://www.securityfocus.com/bid/48924/info

HP Network Automation is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, 9.10 are vulnerable.

http://www.example.com/view.php?id=1'+union+select+1,2,concat(user(),0x3a,version(),0x3a,database()),4,5,6,7,8,9,10,11'

Trust: 1.0

sources: EXPLOIT-DB: 36000

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36000

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36000

TYPE

SQL Injection

Trust: 1.0

sources: EXPLOIT-DB: 36000

CREDITS

anonymous

Trust: 0.6

sources: EXPLOIT-DB: 36000

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2403	Trust: 1.9
db:	BID	id:	48924	Trust: 1.9
db:	EXPLOIT-DB	id:	36000	Trust: 1.6
db:	EDBNET	id:	57374	Trust: 0.6

sources: BID: 48924 // EXPLOIT-DB: 36000 // EDBNET: 57374

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2011-2403	Trust: 1.6
url:	https://www.securityfocus.com/bid/48924/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/36000/	Trust: 0.6
url:	http://www.hp.com	Trust: 0.3

sources: BID: 48924 // EXPLOIT-DB: 36000 // EDBNET: 57374

SOURCES

db:	BID	id:	48924
db:	EXPLOIT-DB	id:	36000
db:	EDBNET	id:	57374

LAST UPDATE DATE

2022-07-27T09:43:07.013000+00:00

SOURCES UPDATE DATE

db:

BID

id:

48924

date:

2011-07-28T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	48924	date:	2011-07-28T00:00:00
db:	EXPLOIT-DB	id:	36000	date:	2011-07-28T00:00:00
db:	EDBNET	id:	57374	date:	2011-07-28T00:00:00