Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bulb Security Smartphone Pentest Framework SQL注入漏洞
Vulnerability Description
Bulb Security Smartphone Pentest Framework(SPF)是一套开源的智能手机渗透测试框架,它可帮助测试当前网络环境中手机的安全漏洞,包括远程漏洞、客户端漏洞和、本地提权等。 Bulb Security SPF 0.1.3之前版本中存在SQL注入漏洞,该漏洞源于多个脚本没有充分过滤参数。远程攻击者可利用该漏洞执行任意SQL命令。包括:frameworkgui/attach2Agents.pl脚本没有充分过滤多个参数(agentPhNo、controlPhNo、agent
CVSS Information
N/A
Vulnerability Type
N/A